[Buildbot-devel] Security with repourls
brian.gunnison at intel.com
Tue Jun 15 17:07:29 UTC 2010
I have a Repo URL of the form:
MasterRepoURL = 'https://myusername:firstname.lastname@example.org/'
I can put the above in the clear in master.cfg, but that is not safe.
I then did this:
passwd = base64.b64decode('rgthyde34=-') #not the real string obviously
MasterRepoURL = 'https://myusername:%email@example.com/' % passwd
This is better, as editors of master.cfg will have to do a bit of work, I'll improve this by putting the base64 invocation in another file.
Now the buildbot log files and the waterfall all have the password in the clear, so I modified buildstep.py where cmd.args is logged to not log if the dict contains "repourl".
Any other security leaks?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the devel