On Apr 11, 2011, at 10:24 PM, Jesse Becker wrote: > I think that we should punt authentication to other systems/modules > that are dedicated to doing so.
Yes, I agree that's a good solution. Dumping the ganglia-specific private_clusters database in favor of authentication provided by Apache is a good idea, and shouldn't be hard to do. We still need some sort of authorization mechanism though, mapping users->privileges or (as you suggest) groups->privileges. > If a user wants to store custom views and such, push it into a cookie, > and store it on the browser side. Under *NO* circumstances should we > allow a user to write data to the server through Ganglia. I don't agree. Restricting to cookie-based storage means views can't be shared easily, and will be lost when you clear cookies. I think it's possible to safely allow web-based configuration of views, though I agree it's non-trivial. If it's filesystem access which is the red flag, maybe we look at something like sqlite (which is available by default in PHP5), and/or move the conf/ directory outside of the web root. I think it makes sense to ship the UI with a restrictive default access policy for people who don't want to allow web-based configuration. But we should implement code to make web-based config possible for those who do. I put together some idea-code for this last night, but it's all based on keeping a text file of users & password like private_clusters. I'll need to take another pass at it to push all authentication back to Apache. (I agree that should be done.) https://github.com/alexdean/ganglia-misc/blob/add-acl/ganglia-web/auth.php alex ------------------------------------------------------------------------------ Forrester Wave Report - Recovery time is now measured in hours and minutes not days. Key insights are discussed in the 2010 Forrester Wave Report as part of an in-depth evaluation of disaster recovery service providers. Forrester found the best-in-class provider in terms of services and vision. Read this report now! http://p.sf.net/sfu/ibm-webcastpromo _______________________________________________ Ganglia-developers mailing list Ganglia-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ganglia-developers