Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-17103

Apply credentials also to separate server used from svn:externals

    Details

    • Similar Issues:

      Description

      See stackoverflow question and user for details including workaround.

        Attachments

          Issue Links

            Activity

            Hide
            winotu Chris Z added a comment -

            It will be quite nice feature to have.

            Show
            winotu Chris Z added a comment - It will be quite nice feature to have.
            Hide
            jglick Jesse Glick added a comment -

            I think this kind of thing is handled better in the new refactoring branch.

            Show
            jglick Jesse Glick added a comment - I think this kind of thing is handled better in the new refactoring branch.
            Hide
            stephenconnolly Stephen Connolly added a comment -

            the 2.0 refactoring allows adding additional credentials which will be tried in turn for the svn:externals

            Show
            stephenconnolly Stephen Connolly added a comment - the 2.0 refactoring allows adding additional credentials which will be tried in turn for the svn:externals
            Hide
            soukupmi michael soukup added a comment -

            Nice feature.

            The only issue I (and some others) have with this is - you must specify additional credentials now for all your external projects, even if they are on the same server.
            see JENKINS-21785
            maybe you could use the additional credentials only if the already provided credentials for the repository fail. Otherwise the workaround makes it a necessity to edit a lot of jobs.

            Show
            soukupmi michael soukup added a comment - Nice feature. The only issue I (and some others) have with this is - you must specify additional credentials now for all your external projects , even if they are on the same server . see JENKINS-21785 maybe you could use the additional credentials only if the already provided credentials for the repository fail. Otherwise the workaround makes it a necessity to edit a lot of jobs.
            Hide
            stephenconnolly Stephen Connolly added a comment -

            This is a necessary security fix to resolve a vulnerability whereby commit access to one portion of a subversion repository can be used to hijack Jenkins' credentials (which are typically global read) to gain read access to the rest of the repository. A valid enhancement request would be a checkbox to allow opting in to using the module credentials on matching externals

            Show
            stephenconnolly Stephen Connolly added a comment - This is a necessary security fix to resolve a vulnerability whereby commit access to one portion of a subversion repository can be used to hijack Jenkins' credentials (which are typically global read) to gain read access to the rest of the repository. A valid enhancement request would be a checkbox to allow opting in to using the module credentials on matching externals
            Hide
            davida2009 davida2009 added a comment -

            Hi Stephen,

            A valid enhancement request would be a checkbox to allow opting in to using the module credentials on matching externals

            Your suggested enhancement request sounds good to me. Can we treat this JIRA as that request, or is there another, or does one need to be created?
            BR
            David

            Show
            davida2009 davida2009 added a comment - Hi Stephen, A valid enhancement request would be a checkbox to allow opting in to using the module credentials on matching externals Your suggested enhancement request sounds good to me. Can we treat this JIRA as that request, or is there another, or does one need to be created? BR David
            Hide
            danielbeck Daniel Beck added a comment -

            Stephen Connolly That looks a lot like what I'm suggesting here – or how'd you determine what "matching externals" are?

            Show
            danielbeck Daniel Beck added a comment - Stephen Connolly That looks a lot like what I'm suggesting here – or how'd you determine what "matching externals" are?

              People

              • Assignee:
                Unassigned
                Reporter:
                jglick Jesse Glick
              • Votes:
                5 Vote for this issue
                Watchers:
                14 Start watching this issue

                Dates

                • Created:
                  Updated: