Ok, makes sense :) I thought we'll be allowing per user access at the project level when I drafted the proposal.
Thanks, Deng On Thu, Jun 2, 2011 at 12:27 AM, Brett Porter <[email protected]> wrote: > I'd agree with Wendy, at least at this point. There's no need for the > complexity of user or project-level auth on the build agent. We also should > remember that anyone that can run a build, can access every working copy on > the agent via the backdoor :) > > I do think there's some value to per-user access to the WC from the agent > over HTTP, as long as none of the info is duplicated - but I'd consider that > a separate feature, not a core part of how this should be implemented. > > - Brett > > On 01/06/2011, at 9:18 PM, Wendy Smoak wrote: > > > On Tue, May 31, 2011 at 4:57 AM, Deng Ching <[email protected]> wrote: > >> Currently, there is no security implemented for accessing (read-only) > the > >> working copies in the build agent via webdav. For CONTINUUM-2632, I'm > >> planning to use a similar mechanism as with Maven when > downloading/getting > >> artifacts from a secured repository: > > ... > > > > This seems to imply that people would be accessing the build agent > > individually? I don't think the build agent needs to know about users > > -- the access should all go through the master which can handle > > security via the user database. > > > > If you introduce an xml file on the build agent, how would it get > > populated for a new build agent, or updated for an existing one? It > > also seems like that file would duplicate information already stored > > in the user database (what user can see what group). > > > > I think the build agent should only respond to requests from the > > master. It shouldn't be talking to anybody else. As long as it has > > some way to verify that the request is indeed coming from the master, > > I think that's enough to keep the working copies reasonably secure. > > > > -- > > Wendy > > -- > Brett Porter > [email protected] > http://brettporter.wordpress.com/ > http://au.linkedin.com/in/brettporter > > > > >
