[hobbit] Alternate Pagesets

Ted M Harapat ted at mob.net
Wed Jun 7 23:58:01 CEST 2006


On Wed, 7 Jun 2006, Henrik Stoerner wrote:

> It's not completely secure, because the CGI scripts that generate the
> detailed status allow you to tweak the hostname in the URL, so if you
> know the hostname of another customers' system, then you can get the
> data about the host.
>
> That's the gist of it. There is probably some issues I've missed
> (reporting, for instance), but I hope that will get you started.

Thank you Henrik and Larry for the quick responses.

I did already try something a little more basic than this involving a
shell script calling the bbgen command to create the reports on the split
up bb-hosts files. It worked pretty well but it was a little too easy to
end up seeing other hosts and reports in there.

So I think for ease of definite security (through separation),
maintenance, and upgrades I will go with the different instances of Hobbit
running on different ports.

Thanks for the great software work you've done here.

-ted




More information about the Xymon mailing list