The master+nomoretoken branch I just commited today allows to get rid of
the authentication token, simply by automatically trusting all target
servers.
Advantages:
- one less variable to share with the http server thread
- one less variable to ensure persistence on agent side
- no more need to wait for initial dialog between agent and server to
complete the server can control the agent
- less code
Disadvantages:
- anything on the server host can force agent execution, not just the
server itself (to be balanced against: anything able to bruteforce or
the intercept the token can achieve it).
Comments ?
--
BOFH excuse #148:
Insert coin for new game
_______________________________________________
Fusioninventory-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/fusioninventory-devel
