Encrypting DB passwords in the config

Matt.A.Cleveland at healthnet.com
Mon Jan 8 10:25:29 EST 2007


Yes, I found this, but I also found what appears to be a bug.  If I 
restrict acl_getconf for Top:a:b:c, then it properly restricts the config 
for Top:a:b:c, but it still allows viewing the config for Top:a:b, and the 
config includes the complete config for Top:a:b:c.  Is this behavior 
intentional?

...Matt Cleveland
...Web Architect
...Health Net Inc
...916.935.1248
...matt.cleveland at healthnet.com

* There's no place like 127.0.0.1




Jeff Weisberg <jaw+arguslist at tcp4me.com> 
Sent by: arguslist-bounces at tcp4me.com
01/06/2007 04:38 PM
Please respond to: Discussion about Argus <arguslist at tcp4me.com>
To: arguslist at tcp4me.com
Subject: Re: Encrypting DB passwords in the config

| Correct me if I'm wrong, but it appears to me there is no way to encrypt
| database passwords or any other configuration data that is stored in the
| config?  This is particularly bad in that the password is also displayed
| on the config in the UI.  Has anyone else dealt with this issue?


you can prevent people from displaying the config using
the acl features.

in simple mode, displaying the config uses 'acl_root',
in advanced mode 'acl_getconf', and 'acl_about' for
the debugging page.

see also:
                 http://argus.tcp4me.com/acl.html





---------------------------------------------------------------------
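The behaviour reported at the top of this thread, as a toy model added here (not Argus code and not written by either poster): an ACL checked only on the requested object lets a restricted child's settings ride along in the parent's dump, while re-checking the ACL on every descendant withholds them. The `Node` class, the function names, the group names and the sample settings are all hypothetical.

```python
# Toy model, not Argus code: objects form a tree named like "Top:a:b:c".
# acl_getconf is a set of groups; None means "inherit from the parent".
class Node:
    def __init__(self, name, settings, acl_getconf=None, parent=None):
        self.name = name if parent is None else f"{parent.name}:{name}"
        self.settings = settings
        self.acl_getconf = acl_getconf
        self.parent, self.children = parent, []
        if parent is not None:
            parent.children.append(self)

    def effective_acl(self):
        # Nearest explicitly set acl_getconf, walking up toward Top.
        if self.acl_getconf is not None:
            return self.acl_getconf
        return self.parent.effective_acl()

def allowed(node, groups):
    return bool(node.effective_acl() & groups)

def dump_unchecked(node, indent=0):
    lines = [" " * indent + f"{node.name} {node.settings}"]
    for child in node.children:
        lines += dump_unchecked(child, indent + 2)
    return lines

def getconf_naive(node, groups):
    # ACL evaluated only on the requested object; descendants ride along.
    if not allowed(node, groups):
        raise PermissionError(node.name)
    return dump_unchecked(node)

def getconf_filtered(node, groups, indent=0):
    # ACL re-evaluated on every object before its config is emitted.
    if not allowed(node, groups):
        if indent == 0:
            raise PermissionError(node.name)
        return [" " * indent + f"{node.name} <restricted>"]
    lines = [" " * indent + f"{node.name} {node.settings}"]
    for child in node.children:
        lines += getconf_filtered(child, groups, indent + 2)
    return lines

def build_sample_tree():
    # Constructed sample data; the password value is a placeholder.
    top = Node("Top", {}, acl_getconf={"staff", "root"})
    a = Node("a", {}, parent=top)
    b = Node("b", {"frequency": 60}, parent=a)
    c = Node("c", {"dbpass": "EXAMPLE-SECRET"}, acl_getconf={"root"}, parent=b)
    return b, c
```

The same comparison works as a regression check on a real deployment: request the parent's config as a user who is denied on the child and confirm the child's secrets are absent from the output.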

