Re: trapd authorization hacks (again)

This is a discussion on Re: trapd authorization hacks (again) within the SNMP Coders forums, part of the Networking and Network Related category; >>>>> On Thu, 20 Oct 2005 10:19:31 +0100, Dave Shield <D.T.Shield@...


Go Back   Usenet Forums > Networking and Network Related > SNMP Coders

Reload this Page Re: trapd authorization hacks (again)

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 10-20-2005
Wes Hardaker
 
Posts: n/a
Default Re: trapd authorization hacks (again)
>>>>> On Thu, 20 Oct 2005 10:19:31 +0100, Dave Shield <D.T.Shield@csc.liv.ac.uk> said:

Dave> In particular, it must be possible (and *trivial*) to restore
Dave> the current open behaviour. So this probably means a one-line
Dave> configure directive to allow anything from anywhere. (And
Dave> clearly documented as such in as many places as possible).

I agree with that. And it would be trivial to do.

Dave> I realise that this is probably anathema to the security people,
Dave> but as a Network Administrator with Very Little Time, I'd wouldn't
Dave> expect a new release to "break" my currently working setup, without
Dave> an easy way to fix it again.

No, I very much understand the need to run an insecure network.
Security takes time and energy and it's not until it's too late do
people want to spend that time and energy.

People *should* be able to do what they want, and if they want to do
something insecurely that is fine. Where tools get it wrong much of
the time is:

1) not doing something strict by default
2) what you said: not making it easy to configure it the way people want

Dave> Another Question: what timescale are you looking at?
Dave> It's obviously not relevant to 5.2.2, so are we talking
Dave> about squeezing this into 5.3, or waiting until 5.4 ?

I won't let 5.3 go out the door without it. Period. What's out there
now is simply bad. But I should also have the time to get it done by
5.3, assuming I can reuse the infrastructure that we have today which
I think fits anyway.

Dave> I'm concerned that we might rush something in too hastily, and
Dave> be forced to live with the consequences. Wes - is this code
Dave> that you've already got waiting to be committed, or are you
Dave> talking about developing something new?

It's almost entirely working.

--
Wes Hardaker
Sparta, Inc.


-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/...et-snmp-coders
Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 06:05 AM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0