On 10/12/2013 05:28 AM, Christian Beer wrote:
Why would you need a login page? Where should this login page get it's
credentials from? As it is now you can use apache basic authentication
(or similar) which in fact can be tied into other authentication systems
(such as an ldap directory). It's not the job of analogi to keep the bad
boys out but rather show you where the bad boys are ;).
You need access control because logs contain sensitive data. Using
Apache access control is not sufficient for everyone because once
authenticated, you have access to everything, which may not be in line
with the roles need. For example, you could grant the DBAs access to
only database logs/alerts, while the Windows admins could have access to
only Windows logs/alerts. I'm not saying that this should necessarily be
a design objective of AnaLogi, but that's the justification for having it.
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.