[Fusioninventory-devel] UserAgent patch for FusionInventory
Guillaume PROTET
guillaume.protet at mortheres.info
Fri Jan 7 16:21:30 UTC 2011
Hi,
We plan to use useragent and agent version to control API changes and control that data sent by agent are compatible with OCS server. It is what we mean about "security".
Don't forget that we are searching a solution for your agent that is not supported by OCS community, so consider that you are privileged.
Kind regards,
--
Guillaume
----- Mail original -----
De: "Stéphane Urbanovski" <s.urbanovski at ac-nancy-metz.fr>
À: "FusionInventory Developer discussion" <fusioninventory-devel at lists.alioth.debian.org>
Cc: "developers en" <developers.en at ocsinventory-ng.org>
Envoyé: Vendredi 7 Janvier 2011 14:13:11
Objet: Re: [Fusioninventory-devel] UserAgent patch for FusionInventory
Guillaume Rousse a écrit :
> Le 07/01/2011 11:23, Guillaume PROTET a écrit :
>> Hi,
>>
>> Your patch won't be integrated as is because, for security reasons, it is inconceivable for us to integrate by default an agent not supported by OCS.
> I fail to see how decing to examine or reject a message, just because of
> client-managed user-agent string, would provide any kind of security
> benefit. You'd better validate the content of the message against a
> grammar, to check what is said, rather than blindy believe the client
> claiming who he is.
>
> Or find another excuse than 'security'.
+1
--
Stéphane Urbanovski
More information about the Fusioninventory-devel
mailing list