On Wed, May 06, 2009 at 06:12:15PM +0200, Florian Forster wrote: > Hi, > > On Tue, May 05, 2009 at 08:58:37AM -0500, kevin brintnall wrote: > > Until we have per-command authorization, I'm thinking we should add a > > 3rd type of socket that requires authentication for everything. This > > type would be appropriate for any untrusted connections. This would > > let us maintain local read-only users while still heavily restricting > > external use. > > I have to admit I don't think this good socket/bad socket architecture > will get us anywhere. Wouldn't it be easier to implement per-command > permissions for each socket now instead of creating a legacy we won't > lose for some time? I won't have enough time myself to take a look at it > before Monday, May 11th, but I'm willing to work in that direction after > that.
Florian, I agree that the socket-based privileges do not have much utility in the long term. > I know Tobi wants to release 1.4 soon but I think we shouldn't let this > rush us into premature designs that will be a problem to work with in > later version. Perhaps the existing code (without auth) is sufficient for 1.4? rrdcached still presents a dramatic local performance increase. If it takes more time to extend that (correctly) to remote access, I'm OK with it. I don't have a problem with it if it doesn't impact Tobi's schedule/goals for 1.4. The cleaner code in the long run is probably worth it. -- kevin brintnall =~ /[email protected]/ _______________________________________________ rrd-developers mailing list [email protected] https://lists.oetiker.ch/cgi-bin/listinfo/rrd-developers
