Date: Fri, 11 Aug 2006 17:27:42 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Paul Schmehl <pauls@utdallas.edu>
Cc: "Marc G. Fournier" <scrappy@freebsd.org>, Nikolas Britton <nikolas.britton@gmail.com>, freebsd-questions@freebsd.org
Subject: Re: BSDstats Project v2.0 ...
Message-ID: <44DCAFFE.6090400@infracaninophile.co.uk>
In-Reply-To: <44DCA340.2050204@utdallas.edu>
References: <20060807003815.C7522@ganymede.hub.org> <20060808201359.S7522@ganymede.hub.org> <44D91F02.90107@mawer.org> <20060808212719.L7522@ganymede.hub.org> <20060809072313.GA19441@sysadm.stc> <20060809055245.J7522@ganymede.hub.org> <44D9F9C4.4050406@utdallas.edu> <20060809130354.U7522@ganymede.hub.org> <ef10de9a0608091700x6cc268ear6566c26f93f1fdf0@mail.gmail.com> <ef10de9a0608100327r5b402d64xc4eef38a4f61ba4e@mail.gmail.com> <ef10de9a0608110342q62f81fc8p5fb4b4df37595593@mail.gmail.com> <20060811100914.U7522@ganymede.hub.org> <44DCA340.2050204@utdallas.edu>

Paul Schmehl wrote:

> 1) encrypt the data being fed to your systems by the script - this
> should be relatively easy using keys and would ensure that a man in the
> middle attack would fail.  You can connect using ssh and a unique key
> without having to reveal passwords to anyone.

Uh... HTTPS surely?  Because it's relatively simple to implement on both
client and server, doesn't require extra software installed on every client
beyond the monthly stats script itself and because of the way that HTTPS
uses a one-sided Diffie-Hellman exchange to create session keys which means
that you don't have any trouble with key management on the many thousands
of client boxes out there...

In which case rewriting the monthly_stats script to send all the data to
the server in one transaction would be a pretty good optimization.  It's
a pity that fetch(1) doesn't have the capability to do an HTTP POST rather
than a GET though, given the amount of stuff to send.

As a matter of interest, does the FreeBSD project or any of the other
*BSDs have a CA anywhere that could sign the bsdstats web server cert?
If not, then I guess some sort of appeal to raise the cash to get a cert
signed by one of the Root CAs might well be in order.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW
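The single-transaction HTTPS POST suggested in the message above, sketched as an added example that is not part of the original e-mail or of the bsdstats script. It assumes the openssl(1) command-line tool is available on the client and that values are ASCII; the host name, path and CA file are placeholders, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example. Placeholders, not real bsdstats values:
STATS_HOST="stats.example.org"
STATS_PATH="/submit"
CA_FILE="/usr/local/etc/stats-ca.pem"   # CA that signed the server cert

# Percent-encode one ASCII value; RFC 3986 unreserved characters pass through.
urlencode() (
    s=$1 out=
    while [ -n "$s" ]; do
        rest=${s#?}
        c=${s%"$rest"}
        case $c in
            [A-Za-z0-9._~-]) out="$out$c" ;;
            *) out="$out$(printf '%%%02X' "'$c")" ;;
        esac
        s=$rest
    done
    printf '%s' "$out"
)

# Join every key=value argument into one form body, so all the statistics
# travel in a single request instead of one GET per item.
build_body() (
    body=
    for kv in "$@"; do
        pair="$(urlencode "${kv%%=*}")=$(urlencode "${kv#*=}")"
        body="${body:+$body&}$pair"
    done
    printf '%s' "$body"
)

# Emit the raw HTTP/1.1 POST. The body is pure ASCII after encoding,
# so its character count equals its byte count.
build_request() (
    body=$1
    printf 'POST %s HTTP/1.1\r\nHost: %s\r\n' "$STATS_PATH" "$STATS_HOST"
    printf 'Content-Type: application/x-www-form-urlencoded\r\n'
    printf 'Content-Length: %s\r\nConnection: close\r\n\r\n%s' "${#body}" "$body"
)

# Send over TLS. Only the server is authenticated: the client holds no key,
# but aborts unless the chain verifies against CA_FILE and the certificate
# matches STATS_HOST.
submit() {
    build_request "$(build_body "$@")" |
        openssl s_client -quiet -connect "$STATS_HOST:443" \
            -servername "$STATS_HOST" -CAfile "$CA_FILE" \
            -verify_hostname "$STATS_HOST" -verify_return_error
}
```

Calling `submit 'rel=6.1-RELEASE' 'arch=i386'` (constructed sample values) writes the server's HTTP response to standard output, which the caller should check for a success status line.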