Continuum
  1. Continuum
  2. CONTINUUM-2632

Secure working copies of Continuum build agents

    Details

    • Complexity:
      Intermediate
    • Number of attachments :
      0

      Description

      When CONTINUUM-2545 (Add WebDAV interface to continuum build agent for displaying the working copies) was implemented, there was no security implemented so anyone can access the working copies via webdav.

        Issue Links

          Activity

          Show
          Maria Odea Ching added a comment - Related discussions in the dev list for this issue: http://old.nabble.com/Added-WebDAV-interface-for-displaying-the-working-copies-from-build--agent-td29202005.html http://old.nabble.com/Build-agent-security-td30547566.html http://old.nabble.com/How-can-an-agent-be-sure-that-a-request-comes-from-its-master--td21546892.html
          Hide
          Maria Odea Ching added a comment -

          Fix committed to trunk -r1140480.

          With the committed implementation, it is no longer possible to browse the working copies in the build agent directly. Only the build agent's master is allowed to access it. I made use of the shared secret key/password to verify that the request came from the master. If the password attached to the request matches the sharedSecretPassword configured in the build agent, the request would be allowed. Otherwise, a 401 error will be returned.

          Show
          Maria Odea Ching added a comment - Fix committed to trunk -r1140480 . With the committed implementation, it is no longer possible to browse the working copies in the build agent directly. Only the build agent's master is allowed to access it. I made use of the shared secret key/password to verify that the request came from the master. If the password attached to the request matches the sharedSecretPassword configured in the build agent, the request would be allowed. Otherwise, a 401 error will be returned.

            People

            • Assignee:
              Maria Odea Ching
              Reporter:
              Maria Odea Ching
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: