On Wed, 7 Jun 2006, Henrik Stoerner wrote:
It's not completely secure, because the CGI scripts that generate the
detailed status allow you to tweak the hostname in the URL, so if you
know the hostname of another customers' system, then you can get the
data about the host.
That's the gist of it. There is probably some issues I've missed
(reporting, for instance), but I hope that will get you started.
Thank you Henrik and Larry for the quick responses.
I did already try something a little more basic than this involving a
shell script calling the bbgen command to create the reports on the split
up bb-hosts files. It worked pretty well but it was a little too easy to
end up seeing other hosts and reports in there.
So I think for ease of definite security (through separation),
maintenance, and upgrades I will go with the different instances of Hobbit
running on different ports.
Thanks for the great software work you've done here.
-ted