Le Thu, 28 Feb 2013 17:05:08 +0100 Guillaume Rousse <[email protected]> a écrit:
>The master+nomoretoken branch I just commited today allows to get rid >of the authentication token, simply by automatically trusting all >target servers. > >Advantages: >- one less variable to share with the http server thread >- one less variable to ensure persistence on agent side >- no more need to wait for initial dialog between agent and server to >complete the server can control the agent >- less code > >Disadvantages: >- anything on the server host can force agent execution, not just the >server itself (to be balanced against: anything able to bruteforce or >the intercept the token can achieve it). > >Comments ? For security reasons, habe token is more safe, and I prefer have a token than allow the ip of the server. David _______________________________________________ Fusioninventory-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/fusioninventory-devel
