Bug#675233: jenkins: Please secure access to jenkins or provide instructions to do so
Olivier Berger
olivier.berger at it-sudparis.eu
Wed May 30 16:41:12 UTC 2012
Package: jenkins
Severity: normal
Hi.
By default, AFAICT, Jenkins will be installed running on port 8080, accessible from anywhere, and fully configurable by anyone. I believed this is dangerous, security wise.
Please either provide a default setup which limits its openness for instance allowing only local clients to connect on localhost:8080, or at minimum an important message when it gets installed via APT debconf templates, referring to a README providing instructions on how to configure its security.
https://wiki.jenkins-ci.org/display/JENKINS/Standard+Security+Setup seems a good start for such instructions, I guess, but I'm no Jenkins guru.
Best regards,
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (900, 'testing'), (300, 'stable')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-2-686-pae (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
More information about the pkg-java-maintainers
mailing list