Am 12.10.2013 16:04, schrieb Michael Starks: > On 10/12/2013 05:28 AM, Christian Beer wrote: >> Why would you need a login page? Where should this login page get it's >> credentials from? As it is now you can use apache basic authentication >> (or similar) which in fact can be tied into other authentication systems >> (such as an ldap directory). It's not the job of analogi to keep the bad >> boys out but rather show you where the bad boys are ;). > > You need access control because logs contain sensitive data. Using > Apache access control is not sufficient for everyone because once > authenticated, you have access to everything, which may not be in line > with the roles need. For example, you could grant the DBAs access to > only database logs/alerts, while the Windows admins could have access > to only Windows logs/alerts. I'm not saying that this should > necessarily be a design objective of AnaLogi, but that's the > justification for having it. > That's right, of course. I'm more the all-in-one person and like AnaLogi the way it is. I didn't associate a login page with a role-based authentication concept.
Regards Christian -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
