Jenkins / JENKINS-30749

Jenkins should be secure out of the box by default

      Description

      The default setup of Jenkins should be secure out-of-the-box, and the admin must change it to be insecure if they desire.

      • Things like listening on localhost only (for HTTP/HTTPS/SSH/CLI etc.)
      • Ship with Jenkins' own security realm by default, without allowing users to sign up, and with a single admin user pre-defined.
      • Force password expiry on the local user database (to ensure the password is changed at first login)
      • Local user database should be able to support locking accounts (to prevent brute force attacks)

      See also: Design (https://docs.google.com/document/d/1kD3xVoarOaHPEs1yi1VaES12Ksca_NKRNYA3MDsdu_k)

            Activity

            teilo James Nord created issue -
            teilo James Nord made changes -
            Field Original Value New Value
            Component/s security [ 15508 ]
            jglick Jesse Glick made changes -
            Labels security
            jglick Jesse Glick made changes -
            Component/s security [ 15508 ]
            Component/s packaging [ 20120 ]
            jglick Jesse Glick made changes -
            Assignee Kohsuke Kawaguchi [ kohsuke ]
            jglick Jesse Glick made changes -
            Labels security 2.0 security
            jglick Jesse Glick made changes -
            Link This issue is related to JENKINS-24513 [ JENKINS-24513 ]
            kohsuke Kohsuke Kawaguchi made changes -
            Epic Link JENKINS-31157 [ 165813 ]
            danielbeck Daniel Beck made changes -
            Link This issue is related to JENKINS-12731 [ JENKINS-12731 ]
            danielbeck Daniel Beck made changes -
            Labels 2.0 security 2.0-planned security
            hrmpw Patrick Wolf made changes -
            Assignee Keith Zantow [ kzantow ]
            hrmpw Patrick Wolf made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            kzantow Keith Zantow made changes -
            Description The default setup is of jenkins should be secure out-of-the-box and the admin must change it to be insecure if they desire.

            * Things like listen on localhost only (for http/https/ssh/cli etc)
            * ship with jenkins own security realm by default without allow users to sign up and a single admin user pre-defined.
            * Force password expiry on the local user database (to ensure the password is changed at first login)
            * Local user database should be able to support locking accounts (to prevent brute force attacks)

            See also: [Design|https://docs.google.com/document/d/1kD3xVoarOaHPEs1yi1VaES12Ksca_NKRNYA3MDsdu_k]
            danielbeck Daniel Beck made changes -
            Labels 2.0-planned security 2.0 2.0-planned security
            danielbeck Daniel Beck made changes -
            Status In Progress [ 3 ] Resolved [ 5 ]
            Resolution Fixed [ 1 ]
            rtyler R. Tyler Croy made changes -
            Link This issue is blocking JENKINS-33462 [ JENKINS-33462 ]
            jglick Jesse Glick made changes -
            Link This issue depends on JENKINS-33595 [ JENKINS-33595 ]
            jglick Jesse Glick made changes -
            Link This issue depends on JENKINS-33596 [ JENKINS-33596 ]
            rtyler R. Tyler Croy made changes -
            Workflow JNJira [ 165875 ] JNJira + In-Review [ 197837 ]

              People

              • Assignee:
                kzantow Keith Zantow
                Reporter:
                teilo James Nord
              • Votes:
                2
                Watchers:
                5