[osiris-devel] removing features

David M. Fetter dfetter at pdx.edu
Fri Nov 12 13:26:53 EST 2004 

Personally, I'm not sure I like the http bit anyway.  It seems like a
nasty potential for a security hole in a piece of security software.
However, that said, I know that several of the folks here are kind of
looking forward to the ease of clicking on links in an email to
acknowledge the changes, etc.  It would be nice if there was another
alternative besides auto-accept.  I would like to see user access
control a bit more segmented.  Like an admin priv setting and a user
priv setting for starters.  Then perhaps making it so you can allow
specific users to only work with specific hosts.  In any case, I don't
think striping it out would make our setup of it too much different.

On Thu, 2004-11-11 at 10:11 -0700, Brian Wotring wrote:
> I am seriously considering removing all of the http code from the 
> management console.  This includes md_http.h, md_http.c, as well as the 
> relavent code to handle the settings for http_host and http_port.
> 
> The impact would be that it will not be possible to update the trusted 
> database via a web browser.  The suggested alternative is to turn on the 
> auto-accept feature.
> 
> I have a couple of reasons for removing this.  First, it's problematic 
> to support.  Many people get hung up by firewalls, and email clients 
> munging the URL.  Second, it is a lot of code to handle the parsing of 
> HTTP requests from the management daemon itself.  The role of the 
> management console is to manage streams of agent data, not act as a web 
> server.
> 
> Please speak up if there any major objections to this?
> 
> -brian
> _______________________________________________
> osiris-devel mailing list
> osiris-devel at lists.shmoo.com
> https://lists.shmoo.com/mailman/listinfo/osiris-devel

-- 
David M. Fetter - UNIX Systems Administrator
Portland State University - www.oit.pdx.edu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.shmoo.com/pipermail/osiris-devel/attachments/20041112/1662ade6/attachment.pgp

More information about the osiris-devel mailing list