Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upBuildmaster API needs a password #172
Closed
Assignees
Comments
|
It has one I'm pretty sure. Check the config and secrets file. |
|
The force build button is still visible here without being logged in. http://build.servo.org/builders/linux-rel |
bors-servo
added a commit
that referenced
this issue
Mar 23, 2016
Require auth for all buildbot actions http://docs.buildbot.net/0.8.1/WebStatus-Configuration-Parameters.html Addresses #172 <!-- Reviewable:start --> --- This change is [<img src="https://reviewable.io/review_button.svg" height="35" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/saltfs/272) <!-- Reviewable:end -->
|
OK, now that that's deployed... Saying 'True' rather than 'auth' for all actions meant anybody could force and kill builds, regardless of login status. @metajack was correct that a password was set, but the prior config missed the step of testing whether or not the user was authed before allowing all actions. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Could be possible to trigger arbitrary builds right now.