Hi Kenny,

I'm not trying to trash, what might very well be a great product. I'm just very wary (as everyone should be) about communicating private server data to some remote host. Even things that seem trivial could probably be used in creative ways. I'm a litlte paranoid, but not without reason :)

Making it open-source is certainly a good start.

> When I say software all it is, is a small script the generates a xml
> file, most of the "Open source" software that does this type of
> monitoring only pings your ports so there is no way of actually telling
> if the service is really running,

Yes, that's true. But Nagios, for instance, uses the model you are suggesting -- it has a daemon on the inside that communicates w/ master server. Your script may be more secure than Nagios, but seems to be operating on exactly the same principle. The big difference, however, is that w/ Nagios deployments you are not trusting some 3rd party server to your data.

Please feel free to view the parsed file at
www.xarex.com/monitor/client.php
If you find any security flaws please let me know so that I can block
them, this is one of the main reasons for having a beta test

I'll definitely check it out.

Again, perhaps my initial reaction was a little strong :) and server monitoring software is good. BUT ... You are asking for a lot if you want people to entrust information about their servers that is not public (otherwise you wouldn't need to install anything) to an unknown server. Even to a "trusted" server; (think of all the uprise against MS Passport, which arguably stores rather benign information).

Cheers,
Hans

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Reply via email to