> * make sure that un-authed users may not do anything when > authentication is active
Enforcing this rule on all sockets obviates a common use case.. It doesn't allow us to separate read-only users (who should be able to FLUSH) from read-write users (who can UPDATE, etc). Having a local (127.0.0.1 or UNIX) low-privilege socket that accepts FLUSH for all local users is bound to be a common use case. Until we have per-command authorization, I'm thinking we should add a 3rd type of socket that requires authentication for everything. This type would be appropriate for any untrusted connections. This would let us maintain local read-only users while still heavily restricting external use. Once we have per-command authorization, we won't need to make the distinction at the socket level. -- kevin brintnall =~ /kbr...@rufus.net/ > -> release 1.4 > > * add SSL support to guard against 3rd parties doing funney things > on the network level. > > * add configurable per-operation/per-file privileges > > * add support for certificate based authentication > > -> release 1.5 > > cheers > tobi > > -- > Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland > http://it.oetiker.ch t...@oetiker.ch ++41 62 775 9902 / sb: -9900 _______________________________________________ rrd-developers mailing list rrd-developers@lists.oetiker.ch https://lists.oetiker.ch/cgi-bin/listinfo/rrd-developers
