[rrd-developers] [PATCH] rrdcached server-side authentication
tobi at oetiker.ch
Wed May 6 21:54:00 CEST 2009
Today kevin brintnall wrote:
> On Wed, May 06, 2009 at 06:12:15PM +0200, Florian Forster wrote:
> > Hi,
> > On Tue, May 05, 2009 at 08:58:37AM -0500, kevin brintnall wrote:
> > > Until we have per-command authorization, I'm thinking we should add a
> > > 3rd type of socket that requires authentication for everything. This
> > > type would be appropriate for any untrusted connections. This would
> > > let us maintain local read-only users while still heavily restricting
> > > external use.
> > I have to admit I don't think this good socket/bad socket architecture
> > will get us anywhere. Wouldn't it be easier to implement per-command
> > permissions for each socket now instead of creating a legacy we won't
> > lose for some time? I won't have enough time myself to take a look at it
> > before Monday, May 11th, but I'm willing to work in that direction after
> > that.
> I agree that the socket-based privileges do not have much utility in the
> long term.
> > I know Tobi wants to release 1.4 soon but I think we shouldn't let this
> > rush us into premature designs that will be a problem to work with in
> > later version.
> Perhaps the existing code (without auth) is sufficient for 1.4? rrdcached
> still presents a dramatic local performance increase. If it takes more
> time to extend that (correctly) to remote access, I'm OK with it.
> I don't have a problem with it if it doesn't impact Tobi's schedule/goals
> for 1.4. The cleaner code in the long run is probably worth it.
ok, lets call it quits for 1.4 then ... I will do the rrd_flush
fixes we talked about earlier and then release rc1 ...
with the prospect of florian chiping in with the privileges stuff
we might these things sooner than expected in the next release
Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland
http://it.oetiker.ch tobi at oetiker.ch ++41 62 775 9902 / sb: -9900
More information about the rrd-developers