[Buildbot-devel] Security with repourls
Gunnison, Brian
brian.gunnison at intel.com
Tue Jun 15 17:07:29 UTC 2010
Hi,
I have a Repo URL of the form:
MasterRepoURL = 'https://myusername:mypasswd@xxx.xxx.com/'
I can put the above in the clear in master.cfg, but that is not safe.
I then did this:
import base64
passwd = base64.b64decode('rgthyde34=-') #not the real string obviously
MasterRepoURL = 'https://myusername:%s@xxx.xxx.com/' % passwd
This is better, as editors of master.cfg will have to do a bit of work, I'll improve this by putting the base64 invocation in another file.
Now the buildbot log files and the waterfall all have the password in the clear, so I modified buildstep.py where cmd.args is logged to not log if the dict contains "repourl".
Any other security leaks?
Thanks,
Brian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://buildbot.net/pipermail/devel/attachments/20100615/6296bca4/attachment.html>
More information about the devel
mailing list