It's hard to trigger new builds remotely from scripts if Hudson's security
option is enabled.

And it seems to me that requiring users to know full admin password
(and this password is not only for Hudson admins, but for entire
server, such as Tomcat) is rather dangerous, not to mention that it's quite
inconvenient for for script writers.

We need more fine-tuned approach to security. And it seems that there
are two major use cases here:

1. Hudson administration via GUI. Users should know admin password,
as usual.

2. Remotely triggering the build via scripts, hooks, etc. Obviously,
those who want this functionality, don't need to know full admin
password.

As for the solution that satisfies both cases,
how about, for example, Project-level configuration option, like
"An authorization token to remotely trigger the build", and a string
value.

Then, projects who would like to have remotely-triggered builds, would
enable that option, and provide a string (sort of like password).

Next, any access to URL like
hudson/job/name/build?token=AUTH_TOKEN_HERE
would trigger the build.

By using this or similar approach we'll allow to start builds remotely
without much problems (no auth via POST, cookies, sessions and all
that craziness) and at the same time we'll not compromise full Hudson
and server security. And those projects that don't want this
functionality, will have it disabled in config altogether.

I'll have a rough patch ready and currently testing it.
Will submit shortly.