You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@continuum.apache.org by "Maria Odea Ching (JIRA)" <ji...@codehaus.org> on 2011/05/31 08:59:22 UTC
[jira] Created: (CONTINUUM-2632) Secure working copies of Continuum
build agents
Secure working copies of Continuum build agents
-----------------------------------------------
Key: CONTINUUM-2632
URL: http://jira.codehaus.org/browse/CONTINUUM-2632
Project: Continuum
Issue Type: New Feature
Components: Distributed Builds, Security, XMLRPC Interface
Affects Versions: 1.4.0 (Beta)
Reporter: Maria Odea Ching
When CONTINUUM-2545 (Add WebDAV interface to continuum build agent for displaying the working copies) was implemented, there was no security implemented so anyone can access the working copies via webdav.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (CONTINUUM-2632) Secure working copies of Continuum
build agents
Posted by "Maria Odea Ching (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-2632?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Maria Odea Ching updated CONTINUUM-2632:
----------------------------------------
Fix Version/s: 1.4.1 (Beta)
> Secure working copies of Continuum build agents
> -----------------------------------------------
>
> Key: CONTINUUM-2632
> URL: http://jira.codehaus.org/browse/CONTINUUM-2632
> Project: Continuum
> Issue Type: New Feature
> Components: Distributed Builds, Security, XMLRPC Interface
> Affects Versions: 1.4.0 (Beta)
> Reporter: Maria Odea Ching
> Fix For: 1.4.1 (Beta)
>
>
> When CONTINUUM-2545 (Add WebDAV interface to continuum build agent for displaying the working copies) was implemented, there was no security implemented so anyone can access the working copies via webdav.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Assigned: (CONTINUUM-2632) Secure working copies of
Continuum build agents
Posted by "Maria Odea Ching (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/CONTINUUM-2632?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Maria Odea Ching reassigned CONTINUUM-2632:
-------------------------------------------
Assignee: Maria Odea Ching
> Secure working copies of Continuum build agents
> -----------------------------------------------
>
> Key: CONTINUUM-2632
> URL: https://jira.codehaus.org/browse/CONTINUUM-2632
> Project: Continuum
> Issue Type: New Feature
> Components: Distributed Builds, Security, XMLRPC Interface
> Affects Versions: 1.4.0 (Beta)
> Reporter: Maria Odea Ching
> Assignee: Maria Odea Ching
> Fix For: 1.4.1 (Beta)
>
>
> When CONTINUUM-2545 (Add WebDAV interface to continuum build agent for displaying the working copies) was implemented, there was no security implemented so anyone can access the working copies via webdav.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (CONTINUUM-2632) Secure working copies of
Continuum build agents
Posted by "Maria Odea Ching (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/CONTINUUM-2632?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=271702#comment-271702 ]
Maria Odea Ching commented on CONTINUUM-2632:
---------------------------------------------
Fix committed to trunk [-r1140480|http://svn.apache.org/viewvc?rev=1140480&view=rev].
With the committed implementation, it is no longer possible to browse the working copies in the build agent directly. Only the build agent's master is allowed to access it. I made use of the shared secret key/password to verify that the request came from the master. If the password attached to the request matches the {{sharedSecretPassword}} configured in the build agent, the request would be allowed. Otherwise, a 401 error will be returned.
> Secure working copies of Continuum build agents
> -----------------------------------------------
>
> Key: CONTINUUM-2632
> URL: https://jira.codehaus.org/browse/CONTINUUM-2632
> Project: Continuum
> Issue Type: New Feature
> Components: Distributed Builds, Security, XMLRPC Interface
> Affects Versions: 1.4.0 (Beta)
> Reporter: Maria Odea Ching
> Assignee: Maria Odea Ching
> Fix For: 1.4.1 (Beta)
>
>
> When CONTINUUM-2545 (Add WebDAV interface to continuum build agent for displaying the working copies) was implemented, there was no security implemented so anyone can access the working copies via webdav.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (CONTINUUM-2632) Secure working copies of
Continuum build agents
Posted by "Maria Odea Ching (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/CONTINUUM-2632?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=269097#action_269097 ]
Maria Odea Ching commented on CONTINUUM-2632:
---------------------------------------------
Related discussions in the dev list for this issue:
http://old.nabble.com/Added-WebDAV-interface-for-displaying-the-working-copies-from-build--agent-td29202005.html
http://old.nabble.com/Build-agent-security-td30547566.html
http://old.nabble.com/How-can-an-agent-be-sure-that-a-request-comes-from-its-master--td21546892.html
> Secure working copies of Continuum build agents
> -----------------------------------------------
>
> Key: CONTINUUM-2632
> URL: http://jira.codehaus.org/browse/CONTINUUM-2632
> Project: Continuum
> Issue Type: New Feature
> Components: Distributed Builds, Security, XMLRPC Interface
> Affects Versions: 1.4.0 (Beta)
> Reporter: Maria Odea Ching
> Fix For: 1.4.1 (Beta)
>
>
> When CONTINUUM-2545 (Add WebDAV interface to continuum build agent for displaying the working copies) was implemented, there was no security implemented so anyone can access the working copies via webdav.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Closed: (CONTINUUM-2632) Secure working copies of Continuum
build agents
Posted by "Maria Odea Ching (JIRA)" <ji...@codehaus.org>.
[ https://jira.codehaus.org/browse/CONTINUUM-2632?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Maria Odea Ching closed CONTINUUM-2632.
---------------------------------------
Resolution: Fixed
> Secure working copies of Continuum build agents
> -----------------------------------------------
>
> Key: CONTINUUM-2632
> URL: https://jira.codehaus.org/browse/CONTINUUM-2632
> Project: Continuum
> Issue Type: New Feature
> Components: Distributed Builds, Security, XMLRPC Interface
> Affects Versions: 1.4.0 (Beta)
> Reporter: Maria Odea Ching
> Assignee: Maria Odea Ching
> Fix For: 1.4.1 (Beta)
>
>
> When CONTINUUM-2545 (Add WebDAV interface to continuum build agent for displaying the working copies) was implemented, there was no security implemented so anyone can access the working copies via webdav.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira