Morning, > Am 18.05.2017 um 21:08 schrieb Saku Ytti <s...@ytti.fi>: > > On 18 May 2017 at 21:47, Patrick M. Hausen <hau...@punkt.de> wrote: >> I am in no way planning to make this public. We have had routerproxy in >> place as a convenient tool for our own admins, specifically the ones who >> are not IOS gurus and just want to look up stuff, not configure the systems. > > I get that, but you shouldn't use system() or back-ticks ever, > regardless security posture. Because it is 0 cost to do this right > (e.g. popen) versus wrong, so you have no upside on the wrong way. > Also, you may intend it internal use only, but then you leave the > company, and customer RFP mandates looking glass, and fastest way to > do it, is to expose the NOC tool to customer.
I know - but honestly I wasn't planning to code one myself. And of course the comments about private tools suddenly turning public years later are spot-on. Either the one bundled with rancid works or I'll "fix it in the documentation" and do a write up for my colleagues on how to do it with SSH and the CLI. Might serve as a cheat sheet for myself in situations of sudden pressure, too ;-) Thanks for all hints. Patrick
Description: Message signed with OpenPGP
_______________________________________________ cisco-nsp mailing list email@example.com https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/