You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@flex.apache.org by Alex Harui <ah...@adobe.com> on 2017/02/13 16:25:48 UTC
Login Security (was Re: Donating to Apache Flex)
Another technical thread....
On 2/13/17, 12:28 AM, "Christofer Dutz" <ch...@c-ware.de> wrote:
>
>There is a HUGE difference between setting up a Jenkins on the Intranet
>and running a Jenkins on the Internet. From the end-user’s perspective,
>this isn’t noticeable, but when administrating these system, it is huge.
>I had been working on a solution for assisting companies to detect and
>fix security vulnerabilities for 4-5 years and have learnt quite a lot on
>this. Just some things that would pop my mind:
>- You must integrate the authentication into the ASF LDAP (Setting up a
>separate one is out of the question)
Why is this a requirement? ASF Wiki and ASF Jenkins have separate account
systems? Don't many folks have logins and multiple users for VMs running
in Azure and AWS?
Thanks,
-Alex
Re: Login Security (was Re: Donating to Apache Flex)
Posted by Christofer Dutz <ch...@c-ware.de>.
Hi Alex,
Well I think we shouldn’t go down the path of yet another login. I really like the ASF LDAP system. This must be managed and taken care of.
Chris
Am 13.02.17, 17:25 schrieb "Alex Harui" <ah...@adobe.com>:
Another technical thread....
On 2/13/17, 12:28 AM, "Christofer Dutz" <ch...@c-ware.de> wrote:
>
>There is a HUGE difference between setting up a Jenkins on the Intranet
>and running a Jenkins on the Internet. From the end-user’s perspective,
>this isn’t noticeable, but when administrating these system, it is huge.
>I had been working on a solution for assisting companies to detect and
>fix security vulnerabilities for 4-5 years and have learnt quite a lot on
>this. Just some things that would pop my mind:
>- You must integrate the authentication into the ASF LDAP (Setting up a
>separate one is out of the question)
Why is this a requirement? ASF Wiki and ASF Jenkins have separate account
systems? Don't many folks have logins and multiple users for VMs running
in Azure and AWS?
Thanks,
-Alex