Jenkins / JENKINS-30749

Jenkins should be secure out of the box by default

      Description

      The default setup of Jenkins should be secure out of the box, and the admin must change it to be insecure if they desire.

      • Things like listening on localhost only (for HTTP/HTTPS/SSH/CLI etc.)
      • Ship with Jenkins' own security realm by default, without allowing users to sign up, and with a single admin user pre-defined.
      • Force password expiry on the local user database (to ensure the password is changed at first login)
      • Local user database should be able to support locking accounts (to prevent brute force attacks)

      See also: Design


              People

              • Assignee:
                kzantow Keith Zantow
                Reporter:
                teilo James Nord
              • Votes:
                2
                Watchers:
                5