[
https://jira.codehaus.org/browse/CONTINUUM-2632?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=271702#comment-271702
]
Maria Odea Ching commented on CONTINUUM-2632:
---------------------------------------------
Fix committed to trunk
[-r1140480|http://svn.apache.org/viewvc?rev=1140480&view=rev].
With the committed implementation, it is no longer possible to browse the
working copies in the build agent directly. Only the build agent's master is
allowed to access it. I made use of the shared secret key/password to verify
that the request came from the master. If the password attached to the request
matches the {{sharedSecretPassword}} configured in the build agent, the request
would be allowed. Otherwise, a 401 error will be returned.
> Secure working copies of Continuum build agents
> -----------------------------------------------
>
> Key: CONTINUUM-2632
> URL: https://jira.codehaus.org/browse/CONTINUUM-2632
> Project: Continuum
> Issue Type: New Feature
> Components: Distributed Builds, Security, XMLRPC Interface
> Affects Versions: 1.4.0 (Beta)
> Reporter: Maria Odea Ching
> Assignee: Maria Odea Ching
> Fix For: 1.4.1 (Beta)
>
>
> When CONTINUUM-2545 (Add WebDAV interface to continuum build agent for
> displaying the working copies) was implemented, there was no security
> implemented so anyone can access the working copies via webdav.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
