DamageControl is an open system, and depending on where it is installed and run, various measure should be taken to prevent it from malicous attacks.
Build trigger security
The server starts a build whenever it receives a request over XML-RPC. DC can be configured to only accept connections from a set of IP adresses.
TODO: snippet with example (see src/ruby/codehaus.rb for now)
There are currently no plans to support authentication for XML-RPC at this level.
Project admin security
DC will have a web based admin console that will alow to configure individual projects. DC will have no authentication here. In stead it is recommended to restrict access to the admin console using Apache in front of it. At a later stage we might add per-project access control, but there are no plans to do this.
SCM security
If a DC project is configured to check out a project with SSH (supported by CVS and SVN), the dcontrol user must be given r/w access to the SCM for the particular project. (This will allow DC to tag a project upon a successful build, although this is currently not supported).
Otherwise, configure DC to check out anonymously.