I'd like to be able to have either web dashboard logged in administrators or general users depending on which the team prefers be able to see the contents of this file without remoting into the box, is this possible using the webdashboard?
This is not an answer to how it can be seen from the web dashboard...
... but it is possible to store the ccnet.config file in source control and set up a special build on the build server that automatically retrieves the newest config file.
This way you do not even have to remote into the box in order to edit the contents of the file.
See more details in the documentation:
http://confluence.public.thoughtworks.org/display/CCNET/Configure+CruiseControl.Net+to+Automatically+Update+its+Config+File
Related
I've started working on an Azure project. In terms of config, I currently have three files: ServiceConfiguration.Cloud.cscfg, ServiceConfiguration.Local.cscfg and ServiceDefinition.csdef.
ServiceDefinition.csdef is the template file for the csfg files. ServiceConfiguration.Cloud.cscfg contains all the actual Azure configuration, including DB passwords, SAS keys etc.
Should ServiceConfiguration.Cloud.cscfg be checked into source control? I wouldn't have thought so but a quick search on github for the file shows that it is.
If it should be checked in, how should the sensitive password data be managed?
I typically check in the configurations. The reason is that the behavior of your application will change dramatically depending on these configurations. For example -> number of roles for a distributed application directly affects how you process incoming messages and the vmsize directly affects how much memory you have. You may encounter issues debugging problems if each developer is using a different configuration. This standardizes your deployment.
Anything with plain-text password information shouldn't be checked into a public repo unless you want people to have access to that information.
You can add this file to the .gitignore file and prevent it from being checked in.
Provide a different ServiceConfiguration.Cloud.cscfg named something like ServiceConfiguration.Cloud.cscfg.template with all the config info of your cloud service minus the password values. If someone forks your project they need to use that and fill in the appropriate values and rename the file.
Do this and change all your passwords to something else. Even if you delete this file from the repo, it still exists in the history and anyone can view it.
I have mercurial setup by following these instructions.
I'm trying to understand where or what file to setup the users in. Everything I've read seems kind of cryptic... it gives all these snippets of code saying use this but it seems to be leaving out steps of how it's all connected and what file to put the snippets of code in... can someone please de-mystify all this for the ID10T#TheKeyboard?
Keep in mind that the basic model of Mercurial cannot actually prevent anybody from checking something in. The only thing it can do is prevent those users from uploading something to the your copy of the repository.
IIS can set up authentication so that Mercurial knows which user is doing the uploading and so only certain users are even allowed to try to upload. If all you care about is limiting who has commit access to your repository you can stop right here. But if you want something finer grained, I think you are currently out of luck.
But, if it ever ends up working with web server authentication, you'll have to use the ACL extension if you want finer grained access control than simple who's allowed to send changesets to your repository.
The way the ACL extension works when changes are being sent over a network is as a pre-transaction hook on changegroups (a set of Mercurial revisions). It can look through these changegroups to make sure all the changes satisfy a given set of criteria. There are a wide variety of criteria that can be specified.
The ACL extension can be configured either in the global hgrc file, in which case it applies to all repositories, or the .hg/hgrc file of the repository you want to control access to. In my opinion the global option isn't terribly useful.
Check out the "Securing Mercurial" section here:
http://win1337ist.wordpress.com/tag/mercurial-iis7/
Also see this related question that has a lot of good info:
How to setup Mercurial and hgwebdir on IIS?
The majority of our C# projects configuration is kept in *.ini files. Mainly these files hold
many sections affecting all aspects of programs behaviour. But besides of regular configuration data some of sections are vulnerable like db connection string or server password. We try to keep this sections in following forms:
[Database]
user=testuser
database=testdb
password=
But when developer is testing application he must fill the config in order to start application. It is quite common that some of the passwords are commited into version control.
Because these files are indispensable for application they cannot be included in .svnignore.
Probably what I'm looking for is some kind of script (maybe in powershell). That would scan all *.ini files and erase all passwords. The most interesting solution would be adding some external password storage that can be used both to encode and decode passwords in *.ini files.
I always push to store configuration template files in subversion, but not actual configuration files. So if the configuration file is "config.ini" then I'll check in a "config.ini.template" populated with non-working sample data.
Then to prevent multiple developers from checking in their individual "config.ini" files, I'll add the actual configation file name to the svn:ignore properties list.
This forces the developer to copy the file and modify it appropriately for their environment, but eases the work of that task by not forcing them to find out which fields need to be present. If you have the time, you can even embed comments into the template file to simplify the meanings of some of the configuration options.
At the top of the file, include the directions of how to configure the system using the template, which should read something like:
# *** CONFIGURATION TEMPLATE --- DO NOT MODIFY THIS FILE ***
# 1. Make a copy of this file in the same directory with the command "copy config.ini.template config.ini"
# 2. Edit the new copy and follow the rest of the instructions
#
# Change "this.system.hostname" to the hostname of this system
Hostname = this.system.hostname
# Set the answer "23" to "42"
Answer = 23
You get the idea....
If you have problems (or think you might have problems) with people checking in their configuration options over the config.ini.template file, then I'd recommend using "svn lock" on the template file. However, with the appropriate warning, I've never found it necessary.
I'll not answer your question and instead recommend a different approach, assuming it's not too late to change the relevant design.
You should not store passwords in the same files as the rest. Have the application read a dedicated password file (or retrieve the password from a password storage service) in addition to the regular configuration file. This is not just about not storing passwords in svn, but also about not having passwords exposed to shoulder surfing, accidentally mailed or posted when someone asks for help with a non-working configuration, etc.
Since 2005, when Microsoft prevented HtmlHelp functioning off a network share, e.g.:
\\appserver\tos\PointScanner.exe
\\appserver\tos\PointScanner.chm
What are we supposed to do instead?
(Given that the application is not installed locally.)
To rephrase: What is Microsoft's intended, supported, out-of-the-box, help solution?
You can allow access via the Registry setting described here:
http://support.microsoft.com/kb/896054/
If you don't want to open any security vulnerabilities by modifying Registry settings your application could also create a local copy of the .chm file, e.g. in the users temp folder (%TMP%) and open the help from there. You can remove the file again when your application exits (in case you don't want to leave anything behind on the user's workstation)
I started with the registry change mentioned by divo. Eventually I moved from network folder based chm files to actual "html help". This was easy for me since I use RoboHelp which can generate either format from the same source code.
I am looking at the cruisecontrol web dashboard. I can see one farm and one server. However, I don't see any way to add a project?
Is this something I can do with the UI or do I need to edit the config file by hand?
You'll need to edit the ccnet.config file by hand (located within the CruiseControl directory) to add projects. There are some graphical tools to help you do this however you do get used to doing it by hand fairly quickly - just have the documentation near by!
Update: An example of one such tool is http://www.codeplex.com/ccnetconfig
You can use CCNETConfig to edit the config file through an UI although it doesn't support higher version > CruiseControl.NET 1.4.
You have to basically edit the configuration file by hand, however I have it setup so that the raw config file is split into different include files, each of which is setup in my source control system. Then I created a project for the configuration, and then for the whole config. So when something changes in the config, CC.NET itself pulls out the changes, recreates it's config files and the refreshes the system configuration.
This means that anyone can edit the config (if they can access the files in sourcecontrol), and no-one has to go into the program files directory of the CC.NET machine itself.
Not sure whether this answers the question you asked, but this is how our setup works