Disable file upload in Diagnostics > Browse Data Directory

Completed

Hello,

We use TeamCity to build our application and use TeamCity artifacts for our build output. We have a security concern with the ability to upload files from "Diagnostics > Browse Data Directory". This allows the user to overwrite existing files, including past artifacts. Therefore, if someone got access to my user credentials, they could log in and infect releases of our application.

Is there a way to disable the ability to upload files through the web GUI?

Thanks!

1 comment
Comment actions Permalink

Hi Andrew,

I don't think it is possible to disable this feature completely, but the access to Browse Data Directory is limited to the Administrator/System Administrator Role. It would be advisable to use a dedicated Systems Administrator account with a unique name and non-trivial password for doing such tasks and use it exclusively for Systems Administration tasks while using an alternative security role for your primary account. Most of the time, a Project Developer role is sufficient for everyday tasks but this might be different, depending on your situation.

The roles available on your installation are determined by the Authorization Mode that has been configured. There is more detailed information regarding Authorization Modes and the available Roles/Permissions in our documentation here: https://www.jetbrains.com/help/teamcity/role-and-permission.html#role-and-permission.md

You may also be interested in reading up on some of our documented security notes: https://www.jetbrains.com/help/teamcity/how-to.html#HowTo...-TeamCitySecurityNotes

1

Please sign in to leave a comment.