Are we using the security system of Continuum to authenticate or are we going
to need a webservice for Redback authentication?
On Tuesday, 07 June, 2011 10:43 AM, Deng Ching wrote:
Ok, makes sense :) I thought we'll be allowing per user access at the
project level when I drafted the proposal.
Thanks,
Deng
On Thu, Jun 2, 2011 at 12:27 AM, Brett Porter<[email protected]> wrote:
I'd agree with Wendy, at least at this point. There's no need for the
complexity of user or project-level auth on the build agent. We also should
remember that anyone that can run a build, can access every working copy on
the agent via the backdoor :)
I do think there's some value to per-user access to the WC from the agent
over HTTP, as long as none of the info is duplicated - but I'd consider that
a separate feature, not a core part of how this should be implemented.
- Brett
On 01/06/2011, at 9:18 PM, Wendy Smoak wrote:
On Tue, May 31, 2011 at 4:57 AM, Deng Ching<[email protected]> wrote:
Currently, there is no security implemented for accessing (read-only)
the
working copies in the build agent via webdav. For CONTINUUM-2632, I'm
planning to use a similar mechanism as with Maven when
downloading/getting
artifacts from a secured repository:
...
This seems to imply that people would be accessing the build agent
individually? I don't think the build agent needs to know about users
-- the access should all go through the master which can handle
security via the user database.
If you introduce an xml file on the build agent, how would it get
populated for a new build agent, or updated for an existing one? It
also seems like that file would duplicate information already stored
in the user database (what user can see what group).
I think the build agent should only respond to requests from the
master. It shouldn't be talking to anybody else. As long as it has
some way to verify that the request is indeed coming from the master,
I think that's enough to keep the working copies reasonably secure.
--
Wendy
--
Brett Porter
[email protected]
http://brettporter.wordpress.com/
http://au.linkedin.com/in/brettporter
--
Thanks,
Jev
