Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] [Hudson] access to Hudson build configurations is public

> For what it's worth, Hudson was set up by (Rich Gronback? Adrian Skehill?)
> specifically for the Galileo build.  I'm a bit out of the loop, but it seems
> people are using it for much more than that.

I know - it works and we all piled on and constructed a favela out
of the available materials. Now we are demanding clean water and
sanitation ;-)

>Perhaps Rich, Adrian and/or
> other Hudson experts can chime in and configure it to be more secure?

If you try to create a new job, then you get asked to log in. If you go to
the home page, you get asked to log in. If you view a job, then hit
'configure' or 'build now' it doesn't ask you to log in. So I think we need
to start with requiring login for those capabilities (and of course things
like 'delete project', 'edit description', basically anything writable).

Maybe the most lightweight action to take now is let apache
do the securing [1]?



Back to the top