On Mon, Oct 10, 2011 at 3:26 PM, Ralph Mitchell <user-00a5e44c48c0@xymon.invalid> wrote:
I would second that. I'm hoping to have Xymon approved at work, but we have
to comply with DoD *and* PCI standards. We're not supposed to have
unencrypted data moving across the network.
At present, I have a work-around. Instead of using bin/xymon to send
messages, I'm using curl to post the message file to
https://server.domain.com/xymon/upload.php. On the server side, the
upload.php script simply drops the message file into xymon's incoming
stream, just as if it were delivered over the net by bin/xymon.
Good idea. I almost can copy this approach.
The client side has the server's CA cert to validate the connection and the
data flow is encrypted in transit. I could use client certificates as well.
But I think this approach only works for Linux xymon client, since
curl is readily available.
Preparing curl for other Unix(say HP-UX) and Windows will be a big challenge.
tj
Ralph Mitchell
On Mon, Oct 10, 2011 at 2:58 PM, T.J. Yang <user-61afc885aa73@xymon.invalid> wrote:
Hi, Henrik
Passing message without encryption among xymon client and server will
cause concerns in corporate IT.
I know you did some work at previous branches, can you activate this
message encryption work or put it on roadmap ?
Thanks
tj
--
T.J. Yang
--
T.J. Yang