Good day!
Now web-page is protected at web-server (Apache) level only.
I see we can protect exact directory and may be file/script like:
http://host:port/xymon/p_cominder/p_cominder.html
so we can allow some users see only some group pages.
But this does not protect direct metric links like:
http://host:port/xymon-cgi/svcstatus.sh?HOST=miminos.cominder.eu&SERVICE=disk
if I know other (not my) host name I can get this information event I am not in group of that host.
And also at non-green Systems report user see ALL non-green hosts
http://host:port/xymon/nongreen.html
Question:
Does XyMon team have plans to implement groups/pages protection?
Or may be somebody know how to protect it with current version?
At present moment the only idea I see to have XyMon web UI as backgroud service
and have foreground application with it's own authorisation - which will then request background XyMon service/web-page, filter out only what is required and return results to end user based on user's permissions and groups.
It will take time, but I can write such application. But, as result we have 2 applications instead of one.
May be there is more simple solution?
Best regards,
Andrey Chervonets
SIA CoMinder
http://www.cominder.eu/