Merge pull request #2714 from daniel-beck/JENKINS-40813

[FIX JENKINS-40813] Better message on 'Enable security' option
jenkinsci · Jan 12, 2017 · 522f1be · 522f1be
2 parents 8d8435b + 81c0f46
commit 522f1be
Showing 1 changed file with 8 additions and 13 deletions.
diff --git a/core/src/main/resources/hudson/security/GlobalSecurityConfiguration/help-useSecurity.html b/core/src/main/resources/hudson/security/GlobalSecurityConfiguration/help-useSecurity.html
@@ -1,20 +1,15 @@
 <div>
-  If enabled, you have to login with a username and a password that has the "admin" role
-  before changing the configuration or running a new build (look for the "login" link
-  at the top right portion of the page).
-  Configuration of user accounts is specific to the web container you are using.
-  (For example, in Tomcat, by default, it looks for <tt>$TOMCAT_HOME/conf/tomcat-users.xml</tt>)
-
   <p>
-  If you are using Jenkins in an intranet (or other "trusted" environment), it's usually
-  desirable to leave this checkbox off, so that each project developer can configure their own
-  project without bothering you.
+    Enabling security allows configuring authentication (how people can identify themselves) and authorization (what
+    permissions they get).
+  </p>
 
   <p>
-  If you are exposing Jenkins to the internet, you must turn this on. Jenkins launches
-  processes, so insecure Jenkins is a sure way of being hacked.
+    A number of options are built in. Please note that granting significant permissions to anonymous users, or allowing
+    users to sign up and granting permissions to all authenticated users, does not actually increase security.
+  </p>
 
   <p>
-  For more information about security and Jenkins, see
-  <a href="https://jenkins.io/redirect/securing-jenkins">this document</a>.
+    For more information about security and Jenkins, see
+    <a href="https://jenkins.io/redirect/securing-jenkins">this document</a>.
 </div>