On Fri, Mar 1, 2013 at 3:40 PM, <user-87556346d4af@xymon.invalid> wrote:
[snip]
> Perhaps user/pass authentication could be added, but "real" security at
> the report-submission level would be SSL-handshaking at the port with any
> local keys controlled by standard unix/host access controls, (or HTTPS and
> xymonmsgcgi.msg and appropriate user/pass auth info after the SSL tunnel
> is set up). The bits and pieces are in trunk, but I'm not sure what their
> current working state is...

I'm currently using xymoncgimsg.cgi to catch status messages sent over
HTTPS via curl. For what I'm doing, the client-side xymon binary can be
replaced by a script.
I'm not using client-side certificates, though that ought to be fairly easy
to add. The problem with any client-side userid/password/certificate is
that you have to have a plain text password or key somewhere, so the whole
security chain could unravel if not done right.
Ralph Mitchell
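
An added example, not from the original post or the Xymon project, of a script standing in for the client-side xymon binary: it refuses to send unless the credential file is private to the calling user, and keeps the password off the command line by handing it to curl through `--netrc-file`. The URL, the netrc path and sending the message as the raw POST body are assumptions.

```shell
#!/bin/sh
# Added example: stand-in for the client-side xymon binary over HTTPS.
# Assumptions: XYMON_URL (placeholder host and path), XYMON_NETRC, and that
# the CGI accepts the status message as the raw POST body.
XYMON_URL="${XYMON_URL:-https://xymon.example.invalid/cgi-bin/xymoncgimsg.cgi}"
XYMON_NETRC="${XYMON_NETRC:-/etc/xymon/submit.netrc}"

# Succeeds only if the credential file is a regular file owned by the
# calling user with no group/other permission bits set (e.g. mode 0600).
cred_file_ok() {
    [ -f "$1" ] && [ -O "$1" ] || return 1
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Prints "status HOST.TEST COLOR TEXT". Dots in the hostname become commas,
# as the Xymon status format requires. Host and test names are restricted to
# a safe character set so a crafted name cannot smuggle in a second message.
build_status() {
    case "$1" in ''|*[!A-Za-z0-9._-]*) echo "bad host name" >&2; return 1 ;; esac
    case "$2" in ''|*[!A-Za-z0-9_-]*)  echo "bad test name" >&2; return 1 ;; esac
    case "$3" in
        green|yellow|red|clear) ;;   # colors a client normally reports
        *) echo "bad color: $3" >&2; return 1 ;;
    esac
    host=$(printf '%s' "$1" | tr '.' ',')
    printf 'status %s.%s %s %s\n' "$host" "$2" "$3" "$4"
}

# Usage: send_status HOST TEST COLOR "text"
send_status() {
    cred_file_ok "$XYMON_NETRC" || {
        echo "refusing to send: $XYMON_NETRC must be owner-only" >&2
        return 1
    }
    msg=$(build_status "$@") || return 1
    # --proto '=https' blocks a downgrade to plain HTTP; --fail turns an
    # HTTP error (e.g. 401) into a non-zero exit status.
    printf '%s\n' "$msg" | curl --silent --show-error --fail \
        --proto '=https' --netrc-file "$XYMON_NETRC" \
        -H 'Content-Type: application/octet-stream' \
        --data-binary @- "$XYMON_URL"
}
```

The netrc file still holds the password in plain text, so the permission check narrows who can read it without removing the risk raised in the post.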