Security Issue on Forge
jamonation at gmail.com
jamonation at gmail.com
Wed Nov 3 15:58:20 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi All,
The new Continuum builder at forge.fluidproject.org is currently running daily builds of the Infusion Builder tool. Part of the Continuum build process passes arguments to Ant, which then substitutes them into the build.xml file, which is used to package and deploy the Infusion builder.
In examining how that build process works, I noticed that the Infusion Builder project page in Continuum had the MySQL user name and password exposed. As far as I can tell, that has been the case since the builder was first setup. I am not sure who oversaw that process.
At the moment all arguments to Ant have been removed so the daily build will fail. I will work with Justin and Cindy, or whomever else needs to be involved to resolve the issue, but the builder must be offline until the issue can be resolved.
In the future, for any new Continuum build or changes to existing ones, please check with either myself or Armin to ensure that vital information is not exposed to the world.
Regards, Jamon
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkzRhpoACgkQF4SCUfRA1heHUQCcCREm9ioHjxAJgs7OnGDdWku2
UfIAoI8o0DxYIjrpMf+akRZCYBwp5zid
=7MMl
-----END PGP SIGNATURE-----
More information about the fluid-work
mailing list