[Xymon] XyMon client binaries default security is bad
Ralph Mitchell
ralphmitchell at gmail.com
Fri Mar 1 22:45:04 CET 2013
On Fri, Mar 1, 2013 at 3:40 PM, <cleaver at terabithia.org> wrote:
> [snip]
>
> Perhaps user/pass authentication could be added, but "real" security at
> the report-submission level would be SSL-handshaking at the port with any
> local keys controlled by standard unix/host access controls, (or HTTPS and
> xymonmsgcgi.msg and appropriate user/pass auth info after the SSL tunnel
> is set up). The bits and pieces are in trunk, but I'm not sure what their
> current working state is...

I'm currently using xymoncgimsg.cgi to catch status messages sent over
HTTPS via curl. For what I'm doing, the client-side xymon binary can be
replaced by a script.

I'm not using client-side certificates, though that ought to be fairly easy
to add. The problem with any client-side userid/password/certificate is
that you have to have a plain text password or key somewhere, so the whole
security chain could unravel if not done right.

Ralph Mitchell
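
An added example, not the script from this post: a client-side sender that refuses to use a TLS client key unless it is a regular file owned by the invoking user with no group/other permission bits, then posts a Xymon status line with curl. The URL, file paths, variable and function names are hypothetical, GNU `stat` is assumed, and it is an assumption that the CGI accepts the raw message as the POST body.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat (Linux).
# XYMON_URL and the file paths below are hypothetical placeholders.
XYMON_URL="${XYMON_URL:-https://xymon.example.com/xymon-cgi/xymoncgimsg.cgi}"
CLIENT_CERT="${CLIENT_CERT:-/etc/xymon-client/client.crt}"
CLIENT_KEY="${CLIENT_KEY:-/etc/xymon-client/client.key}"
CA_FILE="${CA_FILE:-/etc/xymon-client/ca.crt}"

# Succeed only if the key is a regular file (not a symlink), owned by the
# user running the script, with no group/other permission bits set.
key_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(stat -c %u "$1")" = "$(id -u)" ] || return 1
    mode=$(stat -c %a "$1")
    case "$mode" in
        [0-7]00) return 0 ;;
        *) return 1 ;;
    esac
}

# Build "status HOST.TEST COLOR TEXT". Xymon writes the dots of the host
# name as commas; only colors a client normally reports are accepted.
build_status() {
    case "$3" in
        green|yellow|red|clear) ;;
        *) echo "invalid color: $3" >&2; return 1 ;;
    esac
    printf 'status %s.%s %s %s\n' \
        "$(printf '%s' "$1" | tr '.' ',')" "$2" "$3" "$4"
}

# send_status HOST TEST COLOR TEXT
# Returns 2 if the key fails the permission check, 3 on a bad message,
# otherwise curl's exit status. The server certificate is verified
# against CA_FILE; certificate checking is never disabled.
send_status() {
    if ! key_is_private "$CLIENT_KEY"; then
        echo "refusing to use $CLIENT_KEY: not a private regular file" >&2
        return 2
    fi
    msg=$(build_status "$@") || return 3
    curl --silent --show-error --fail --max-time 15 \
         --cacert "$CA_FILE" --cert "$CLIENT_CERT" --key "$CLIENT_KEY" \
         -H 'Content-Type: application/octet-stream' \
         --data-binary "$msg" "$XYMON_URL"
}
```

Typical use from a check script: `send_status www.example.com https green "certificate ok"`.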