On Mon, May 19, 2014 at 4:20 PM, chris snow <chsnow...@gmail.com> wrote:
> hi Devs, > > Does an agent authenticate itself to Stratos? Yes, Chris. > If not, is it possible > that an agent could write spoofed events to the MB? > > It also looks like the agent has access to the bam admin user name and > password [1]: > > -Dmonitoring.server.port=<%= @bam_port %> > -Dmonitoring.server.secure.port=<%= @bam_secure_port %> > -Dmonitoring.server.admin.username=<%= @bam_username %> > -Dmonitoring.server.admin.password=<%= @bam_password %> > > What damage could someone (e.g. a tenant) do with possession of those > credentials? > We might need to encrypt them and store in agent's side?! > > Many thanks, > > Chris > > > --- > [1] > https://github.com/apache/incubator-stratos/blob/master/tools/puppet3/modules/agent/templates/bin/stratos.sh.erb > -- Best Regards, Nirmal Nirmal Fernando. PPMC Member & Committer of Apache Stratos, Senior Software Engineer, WSO2 Inc. Blog: http://nirmalfdo.blogspot.com/
