[Buildbot-devel] Re: [Python-Dev] buildbot

Brian Warner warner at lothar.com
Tue Jan 10 18:16:11 UTC 2006

> I have security concerns as well, but not in buildbot itself.  My  
> project is restricted even withinz the company I work for so I need  
> the buildbot web server to only be available to certain people.   
> HTTPS access would be nice too.  TwistedWeb doesn't seem to have  
> support for either HTTPS or authentication so I've been forced to  
> "hide" it by putting it on a non-standard port.  Very weak.

Actually twisted-web provides pretty good support for both SSL and
password-based authentication, but my own web skills are too weak to really
figure out how to take advantage of them. I've been hoping to address this in
the "web status page cleanup" item on the TODO list, but other bugs and
features keep getting in the way.

There are a couple of examples of setting up an HTTPS website in the twisted
docs, in case you're interested. I think the changes would only have to go
into Waterfall.setup, probably just replacing the internet.TCPServer() call
to something involving SSL.

The authentication stuff is called "guard", and I think it would involve
inserting an additional password-checking resource between the top-level
server.Site and the primary html.StatusResource object. But, as I said, my
twisted-web-foo is not strong, so I could be completely wrong about this.


More information about the devel mailing list