From: Alex D. <al...@cr...> - 2011-04-12 21:01:50
On Apr 11, 2011, at 10:24 PM, Jesse Becker wrote:

> I think that we should punt authentication to other systems/modules
> that are dedicated to doing so.

Yes, I agree that's a good solution. Dumping the ganglia-specific private_clusters database in favor of authentication provided by Apache is a good idea, and shouldn't be hard to do. We still need some sort of authorization mechanism though, mapping users->privileges or (as you suggest) groups->privileges.

> If a user wants to store custom views and such, push it into a cookie,
> and store it on the browser side. Under *NO* circumstances should we
> allow a user to write data to the server through Ganglia.

I don't agree. Restricting to cookie-based storage means views can't be shared easily, and will be lost when you clear cookies. I think it's possible to safely allow web-based configuration of views, though I agree it's non-trivial. If it's filesystem access which is the red flag, maybe we look at something like sqlite (which is available by default in PHP5), and/or move the conf/ directory outside of the web root.

I think it makes sense to ship the UI with a restrictive default access policy for people who don't want to allow web-based configuration. But we should implement code to make web-based config possible for those who do.

I put together some idea-code for this last night, but it's all based on keeping a text file of users & password like private_clusters. I'll need to take another pass at it to push all authentication back to Apache. (I agree that should be done.)

https://github.com/alexdean/ganglia-misc/blob/add-acl/ganglia-web/auth.php

alex
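The split discussed in this message (Apache authenticates, the UI only authorizes through a users->groups->privileges mapping, and web-based configuration is off by default), as an added PHP example that is not part of the original post and not the code at the linked auth.php. The ACL layout, function names, privilege names and sample users are all assumptions made for illustration.

```php
<?php
// Added illustration; every name below is hypothetical.
// Constructed sample ACL: group => privileges, user => groups.
$acl = [
    'groups' => [
        'viewers' => ['view'],
        'editors' => ['view', 'edit_views'],
    ],
    'users' => [
        'alice' => ['editors'],
        'bob'   => ['viewers'],
    ],
    // Restrictive default: no web-based configuration until an admin enables it.
    'web_config_enabled' => false,
];

/** Return the user name Apache authenticated, or null if there is none. */
function authenticated_user(array $server): ?string
{
    $user = $server['REMOTE_USER'] ?? '';
    // Reject empty or oddly shaped names instead of trying to clean them up.
    return preg_match('/^[A-Za-z0-9._@-]{1,64}$/', $user) ? $user : null;
}

/** Default deny: allow only when user -> group -> privilege is explicit. */
function is_allowed(array $acl, ?string $user, string $privilege): bool
{
    if ($user === null || !isset($acl['users'][$user])) {
        return false; // unauthenticated or unknown user
    }
    if ($privilege !== 'view' && empty($acl['web_config_enabled'])) {
        return false; // write-type privileges are gated by the site-wide switch
    }
    foreach ($acl['users'][$user] as $group) {
        if (in_array($privilege, $acl['groups'][$group] ?? [], true)) {
            return true;
        }
    }
    return false;
}

// Constructed requests standing in for $_SERVER.
foreach ([['REMOTE_USER' => 'alice'], ['REMOTE_USER' => 'bob'], []] as $server) {
    $user = authenticated_user($server);
    foreach (['view', 'edit_views'] as $priv) {
        printf("%-12s %-10s %s\n", $user ?? '(anonymous)', $priv,
            is_allowed($acl, $user, $priv) ? 'allow' : 'deny');
    }
}
```

The code never handles passwords: it trusts only the `REMOTE_USER` value that Apache sets after its own authentication modules have run, so it is only meaningful when the directory is protected by an Apache auth configuration.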