On 2007.10.24. 16:53, Dan Langille wrote:
> On 24 Oct 2007 at 14:39, Simon Barrett wrote:
...
>> On this matter; adding the password to the RunBeforeJob line causes my
>> database password to appear on the status emails:
>>
>> 24-Oct 13:09 fs01-dir: BeforeJob: run command
>> "/etc/bacula/make_catalog_backup
>> bacula bacula MyPasswordHere"
>>
>> Status emails are sent in clear text across our network. Is there a
>> recommended solution to include sensitive variables in the config files
>> without exposing them like this?
>
> http://www.bacula.org/dev-manual/Catalog_Maintenance.html
>
> Click on Security considerations
using bacula 2.2.5, there seems to be several problems with these
suggestions.
one (when not running director as root) i am outlining in another email,
"problems when not running director as root".
another one is that even if i hardcode password in the
make_catalog_backup scripts, something prints the password to messages,
if python scripting is enabled.
the line looks a bit weird, as it contains what seems to be another line
at the end.
30-Oct 11:40 backup_1-dir JobId 52: ('bacula', None, 'bacula',
'baculapassword', None, 0, 'MySQL')30-Oct 11:40 backup_1-dir JobId 52:
python script is slightly modified default example, and looking over it,
i can't see any report line which could output anything like that.
what could be the reason for this line ?
--
Rich
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
