[Fusioninventory-devel] Dropping the authentication token
David DURIEUX
d.durieux at siprossii.com
Mon Mar 4 07:40:25 UTC 2013
Le Thu, 28 Feb 2013 17:05:08 +0100
Guillaume Rousse <guillomovitch at gmail.com> a écrit:
>The master+nomoretoken branch I just commited today allows to get rid
>of the authentication token, simply by automatically trusting all
>target servers.
>
>Advantages:
>- one less variable to share with the http server thread
>- one less variable to ensure persistence on agent side
>- no more need to wait for initial dialog between agent and server to
>complete the server can control the agent
>- less code
>
>Disadvantages:
>- anything on the server host can force agent execution, not just the
>server itself (to be balanced against: anything able to bruteforce or
>the intercept the token can achieve it).
>
>Comments ?
For security reasons, habe token is more safe, and I prefer have a
token than allow the ip of the server.
David
More information about the Fusioninventory-devel
mailing list