[
http://jira.codehaus.org/browse/CONTINUUM-2044?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=230203#action_230203
]
Wendy Smoak commented on CONTINUUM-2044:
----------------------------------------
Also need to consider CONTINUUM-2545 which added a webdav interface that
currently does respond to anyone who connects.
> Build agent should only accept requests from its master
> -------------------------------------------------------
>
> Key: CONTINUUM-2044
> URL: http://jira.codehaus.org/browse/CONTINUUM-2044
> Project: Continuum
> Issue Type: Improvement
> Components: Distributed Builds
> Affects Versions: 1.3.1 (Alpha)
> Reporter: Wendy Smoak
> Fix For: 1.4.1 (Beta)
>
>
> In the current implementation, a build agent will accept a request from
> anyone who knows the url, although it will only send responses to the master
> url in its config file.
> The agent should only accept requests from its master, and should send an
> error response to any other requests.
> On the dev list, Christian suggested using a shared secret as the simplest
> way for the agent to be sure the master making the request is who it says it
> is. See:
> http://www.nabble.com/How-can-an-agent-be-sure-that-a-request-comes-from-its-master--td21546892.html
> Related to CONTINUUM-2041 (Master should be able to detect an incorrect
> master url in a build agent's config file)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
