[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cbi-dev] HIPP user rights

In my opinion workspaces should not be shared with anonymous users as there's no way to know for sure what is beign shared and they only exist until the next build starts, which depending on how active your project is might not be very long. Instead if you want to retain certain files such as logs you should use the Hudson Archiving feature to save specifically selected data with the build results.


On Mon, Feb 22, 2016 at 6:44 AM, Christian Pontesegger <christian.pontesegger@xxxxxx> wrote:

we had this topic with some bad commits that were used to inject bad code that runs on HIPP and may harm the eclipse infrastructure. So I guess we might help these attackers a little when we expose what our build jobs do and how the workspace looks like. This was the reason I asked for any security concerns.