> I have security concerns as well, but not in buildbot itself. My > project is restricted even withinz the company I work for so I need > the buildbot web server to only be available to certain people. > HTTPS access would be nice too. TwistedWeb doesn't seem to have > support for either HTTPS or authentication so I've been forced to > "hide" it by putting it on a non-standard port. Very weak.
Actually twisted-web provides pretty good support for both SSL and password-based authentication, but my own web skills are too weak to really figure out how to take advantage of them. I've been hoping to address this in the "web status page cleanup" item on the TODO list, but other bugs and features keep getting in the way. There are a couple of examples of setting up an HTTPS website in the twisted docs, in case you're interested. I think the changes would only have to go into Waterfall.setup, probably just replacing the internet.TCPServer() call to something involving SSL. The authentication stuff is called "guard", and I think it would involve inserting an additional password-checking resource between the top-level server.Site and the primary html.StatusResource object. But, as I said, my twisted-web-foo is not strong, so I could be completely wrong about this. cheers, -Brian _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
