Hi
Before sending my earlier too-simple response to accessing
download.eclipse.org, I checked and corrected the permissions of
https://ci.eclipse.org/ocl/job/promoter/
It would appear that the intention to provide read access by
default is not happening in practice. It would appear that most
jobs do not comply.
I see two sets of defaults. One for anonymous and one for
authenticated users. Does "authenticated" mean logged in? Both
sets of permissions seem blank by default.
I feel that it is very important to at least allow logged in users
to read the job config. The only security issue I can see is if some
script has a clear text password, which seems like a very
undesirable practice meriting an alternative solution, just possibly
an explicitly private config.
Regards
Ed Willink
On 10/10/2018 11:07, Mickael Istria wrote:
By default, anonymous users have the following
permissions:
* Overall/Read
* Job/Read
So anonymous users can see build results, build artifacts
& console logs.
Ok, so that could be an issue with my specific pipeline
job then.
By default, all logged in committers also have the
following permission:
* Job/ExtendedRead
This allows to *read* the job configuration.
Ok, good then.
Allowing non-privileged users to read the job
configuration *can* be a
potential security issue.
Out of curiosity, what kind of security issue could it be?
_______________________________________________
cbi-dev mailing list
cbi-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/cbi-dev
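The thread's one concrete risk from granting Job/ExtendedRead is a job script that carries a clear text password. The following is an added example, not part of the original messages or of any Eclipse or Jenkins tooling: a check that can be run over a job's config.xml before read access is widened. The keyword list, the regular expressions and the sample config are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# key=value or "key: value" where the key name suggests a credential.
# The keyword list is a heuristic chosen for this example.
ASSIGNMENT = re.compile(
    r"(?i)\b([\w.-]*(?:password|passwd|secret|token|api[_-]?key)[\w.-]*)"
    r"\s*[=:]\s*[\"']?([^\s\"']+)"
)
# Values that are not literals: $VAR / ${VAR} references, or a
# brace-wrapped base64 blob (the form Jenkins uses for encrypted values).
INDIRECT = re.compile(r"^(\$\{?\w+\}?|\{[A-Za-z0-9+/=]+\})$")


def find_cleartext_secrets(config_xml):
    """Return (element_tag, key_name) for each suspected literal secret.

    The secret value itself is never returned, so the report can be shared.
    """
    findings = []
    for elem in ET.fromstring(config_xml).iter():
        text = (elem.text or "").strip()
        if not text:
            continue
        for key, value in ASSIGNMENT.findall(text):
            if not INDIRECT.match(value):
                findings.append((elem.tag, key))
    return findings


# Constructed sample of a freestyle job config with one shell build step.
SAMPLE = """<project>
  <builders>
    <hudson.tasks.Shell>
      <command>export DEPLOY_PASSWORD=hunter2-constructed
scp -r site/ user@host.example:/downloads
curl -H "X-Token: $API_TOKEN" https://host.example/hook</command>
    </hudson.tasks.Shell>
  </builders>
</project>"""

if __name__ == "__main__":
    for tag, key in find_cleartext_secrets(SAMPLE):
        print(f"literal value assigned to {key!r} inside <{tag}>")
```

A job that reports no findings here can still leak through other fields, so the check complements rather than replaces moving secrets into a credentials store.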