Navigation

    Inedo Community Forums

    Forums

    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Groups
    1. Home
    2. Tags
    3. security
    Log in to post

    • M

      Proget api key for reading a particular feed?
      Support • proget security • • mhull_0872  

      2
      0
      Votes
      2
      Posts
      50
      Views

      jjones

      Hello, I think what you are trying to do can be accomplished by adding a restriction for "View & Download Packages" to "any" feed for "Authenticated" users. Then add whatever permission to the API user. Use the Test Privileges button to verify. Thanks Jason
    • ?

      OSS Index Vulnerability Scanner
      Support • proget security • • TanTan  

      2
      0
      Votes
      2
      Posts
      25
      Views

      ?

      I had a problem like this (for a different extension tho) and I just restarted the ProGet service, then it worked.
    • ?

      Nested ad groups not working
      Support • proget security • • TanTan  

      3
      0
      Votes
      3
      Posts
      22
      Views

      ?

      Thanks Alana, we will update our the inedo Core when the new version will be available.
    • ?

      Different security settings for different feeds
      Support • proget feeds security • • TanTan  

      2
      0
      Votes
      2
      Posts
      12
      Views

      ?

      This is a feature of the paid edition of ProGet; once you have that, you can scope security tasks to specific feeds. Otherwise, everything is global.
    • ?

      LDAPS authentication
      Support • proget security ldap • • TanTan  

      2
      0
      Votes
      2
      Posts
      11
      Views

      T

      It's possible it may work (I can't verify) if you specify the port in the domain controller host value under advanced settings (i.e. enter your-dc-server:636 as the value). See the LDAP Advanced Settings documentation for info on how to find that page to configure that value. If that doesn't work, I suspect a code change is needed - it is not clear via the Microsoft documentation what the default AuthenticationType is for this call: https://github.com/Inedo/inedox-inedocore/blob/master/InedoCore/InedoExtension/UserDirectories/ADUserDirectory.cs#L268
    • J

      Send Email on Plan Changes for BuildMaster
      Support • buildmaster security • • jneuharth_9094  

      3
      0
      Votes
      3
      Posts
      15
      Views

      T

      We added basic support for this in BM-3197, though anything more complicated needs to be handled with a custom event listener. If you want to create a custom extension for this (and are an enterprise customer) you already have access to the source code at https://my.inedo.com, or you can request direct source access to our GitLab repository as well, just send a note via the contact form.
    • J

      Limiting Resource Credentials in Environments
      Support • buildmaster security • • jneuharth_9094  

      4
      0
      Votes
      4
      Posts
      13
      Views

      ?

      Found the follow-up issue as a user error. After upgrading to 6.0.x the feature worked as expected.
    • D

      Assets folder upload being denied
      Support • proget feeds security • • davidroberts63  

      3
      0
      Votes
      3
      Posts
      22
      Views

      D

      Haha, I missed it by one minor verison. :-D Sounds good. Thanks for the quick response. Means I get to test my scripted upgrade process. :-D Have a good one.
    • ?

      Feed Security
      Support • buildmaster security • • TanTan  

      2
      0
      Votes
      2
      Posts
      8
      Views

      ?

      Yes. Just remove the "Anonymous" user from any tasks you've given it to permission to; Admin > Security > Tasks.
    • ?

      Restrict anonymous user
      Support • proget security • • TanTan  

      3
      0
      Votes
      3
      Posts
      27
      Views

      ?

      I think I got it working. The documentation is really lacking and hard to find. After hours of searching I found https://inedo.com/support/kb/1112/api-keys-in-proget page. First I had to drop anon permissions to "Publish Packages" (I think it may have been off by default). Add a new task (e.g. "Publish to feed") and select the following operations: Add package Overwrite package View feed Grant anon user permissions to the new task Set an API key for the target feed and use the key in my CI/CD pipeline
    • D

      Permission for 'Assign License' in tasks
      Support • proget security • • davidroberts63  

      7
      0
      Votes
      7
      Posts
      21
      Views

      L

      Hello Alana, That does take you out of the flow a bit, as I assume that this would give them access to edit the "Manage Licences" page? I think is a step in the right direction, but I would still think using the Manage Feed flag and adding that as a role to that which allows Assign Licence is a good option as well. Thanks, Luke
    • H

      Better team management for feeds
      Support • proget security • • harald.s.hanssen_9685  

      4
      0
      Votes
      4
      Posts
      14
      Views

      ?

      I see, so the actual problem is that you don't have the ability to create or manage AD Groups? Yes, that is certainly annoying... You will probably be better off working within your organization to change this policy. It's awfully silly, and totally defeats the purpose of using AD to begin with. That said, we will consider adding a "teams" feature for a future version.
    • ?

      Manual Database Updater Blocked
      Support • buildmaster security databases installer • • TanTan  

      2
      0
      Votes
      2
      Posts
      8
      Views

      ?

      This is a false positive; unfortunately we seem to be the target of many of them :( See http://inedo.com/support/kb/1113/anti-malware-false-positives-code-signing-and-safety-of-inedo-products Please report the false positive, because some of the virus total companies will not let us do it, only their customers.
    • D

      Where did the security 'scope' go?
      Support • proget feeds security user-interface • • davidroberts63  

      5
      0
      Votes
      5
      Posts
      17
      Views

      D

      Wonderful! Worked just as you said it would. Thank you very much Alana.
    • ?

      Issue while intergrating Proget with Vor Security
      Support • proget security • • TanTan  

      2
      0
      Votes
      2
      Posts
      11
      Views

      ?

      This particular issue just means that the web server and service cannot communicate; doesn't have much to do with VOR SECURITY, and you can simply resolve it by restarting the web/service.
    • ?

      Implementation of Security while calling Rest APIs for Release & Deployment in BuildMaster
      Support • buildmaster api security • • TanTan  

      2
      0
      Votes
      2
      Posts
      13
      Views

      ?

      The release/deploy API is secured by API keys, not by username/password. When you configure an API key, you can determine which access that API key has. Treat those API keys like passwords, and share them only with people you trust.
    • ?

      How do I remove browsing access to the ProGet site?
      Support • proget security user-interface • • TanTan  

      2
      0
      Votes
      2
      Posts
      8
      Views

      ?

      If you've removed the "Anonymous" pseudo-user from the privileges for the current user directory, then you will see "You are browsing as the anonymous user, therefore certain functionality may be missing. Click the User Icon in the top right to log in.". note that, if you've enabled Windows Integrated Authentication, you will always be logged in as yourself, so you will not be able to go "anonymous".
    • ?

      Reset Admin Password
      Support • proget security • • TanTan  

      2
      0
      Votes
      2
      Posts
      127
      Views

      ben

      Hello Mario, I've added resetadminpassword to ProGet.Service.exe for the next minor release (4.7.10) - PG-1009 For now, you can reset the password in the database to Admin by setting the Salt_Bytes and Password_Bytes to 0x26CF0B87A338C08CA30F and 0x5868049613BC1ED1E4E3C2E404D8B85684B53263 respectively.
    • ?

      Vulnerability Version Syntax
      Support • proget nuget security • • TanTan  

      2
      0
      Votes
      2
      Posts
      13
      Views

      ben

      A vulnerability version range can be: the literal string (any) empty string (equivalent to (any)) single single, single single, single, single single, single, single, single etc. A single vulnerability version range can be: version >version >=version <version <=version >version <version >=version <version >version <=version >=version <=version The format of version is defined by the feed type.
    • ?

      I accidently removed Admin from Administrators group, how can I restore it?
      Support • proget authentication security permissions • • TanTan  

      2
      0
      Votes
      2
      Posts
      15
      Views

      ?

      The admin tool does not currently add the user back; but you can do so directly in the database; the tables are fairly straightforward. To reinstall, make sure to drop the database after install well. It does not get removed by default.
    • 1
    • 2
    • 3
    • 1 / 3