Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] [Hudson] access to Hudson build configurations is public

Ouch, that is not good.  Yes, I agree we should definitely tighten things down.

For what it's worth, Hudson was set up by (Rich Gronback? Adrian Skehill?) specifically for the Galileo build.  I'm a bit out of the loop, but it seems people are using it for much more than that.  Perhaps Rich, Adrian and/or other Hudson experts can chime in and configure it to be more secure?

Denis


Oisin Hurley wrote:
I just received a worrying email which stated that Hudson job configurations
are editable by anyone with the correct URL for the job..

I just managed to confirm this.

When I go to build.eclipse.org/hudson, I'm asked to login with my
build infrastructure credentials. If I go direct to the job, for example

https://build.eclipse.org/hudson/job/stp.sca-tools.trunk/

then I don't have to log in at all and can muck about with the
job at will :(

I'd like to keep build control in the hands of the project leads and
designated builders only - requiring b.e.o. login would be good
enough.

Do you think we could introduce some access control on those
jobs pages?

 --oh
_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/cross-project-issues-dev
  

--
Denis Roy
I'm going to EclipseCon 2009

Back to the top