
Asked my team to review their Jenkins passwords and Jenkins user rights...



I don't know if you're doing this, but I think it's a bad idea to leave Jenkins publicly accessible. Indeed, IMHO, it's a bad idea to leave stuff that should not be accessible by the general public publicly accessible. Especially things that have access to your code.

Do ask your team to review passwords and user rights, but also put this service and others like it behind a VPN. Then both the VPN server and Jenkins will have to have holes simultaneously before you get hacked.


As the main hero of that story, I can assure you that we are working on a VPN setup right now. I guess this is not in the top-10 checklist for a startup.


Should've coded the whole thing in Makumba and this would've never happened!!one



