Date:      Fri, 11 Aug 2006 17:27:42 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Paul Schmehl <pauls@utdallas.edu>
Cc:        "Marc G. Fournier" <scrappy@freebsd.org>, Nikolas Britton <nikolas.britton@gmail.com>, freebsd-questions@freebsd.org
Subject:   Re: BSDstats Project v2.0 ...
Message-ID:  <44DCAFFE.6090400@infracaninophile.co.uk>
In-Reply-To: <44DCA340.2050204@utdallas.edu>
References:  <20060807003815.C7522@ganymede.hub.org>	<20060808201359.S7522@ganymede.hub.org> <44D91F02.90107@mawer.org>	<20060808212719.L7522@ganymede.hub.org>	<20060809072313.GA19441@sysadm.stc>	<20060809055245.J7522@ganymede.hub.org>	<44D9F9C4.4050406@utdallas.edu>	<20060809130354.U7522@ganymede.hub.org>	<ef10de9a0608091700x6cc268ear6566c26f93f1fdf0@mail.gmail.com>	<ef10de9a0608100327r5b402d64xc4eef38a4f61ba4e@mail.gmail.com>	<ef10de9a0608110342q62f81fc8p5fb4b4df37595593@mail.gmail.com>	<20060811100914.U7522@ganymede.hub.org> <44DCA340.2050204@utdallas.edu>

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)

Paul Schmehl wrote:
> 1) encrypt the data being fed to your systems by the script - this
> should be relatively easy using keys and would ensure that a man in the
> middle attack would fail.  You can connect using ssh and a unique key
> without having to reveal passwords to anyone.

Uh... HTTPS surely?  Because it's relatively simple to implement on both
client and server, doesn't require extra software installed on every client
beyond the monthly stats script itself and because of the way that HTTPS
uses a one-sided Diffie-Hellman exchange to create session keys which means
that you don't have any trouble with key management on the many thousands
of client boxes out there...

In which case rewriting the monthly_stats script to send all the data to
the server in one transaction would be a pretty good optimization.  It's
a pity that fetch(1) doesn't have the capability to do a HTTP POST rather
than a GET though, given the amount of stuff to send.

As a matter of interest, does the FreeBSD project or any of the other
*BSDs have a CA anywhere that could sign the bsdstats web server cert?
If not, then I guess some sort of appeal to raise the cash to get a
cert signed by one of the Root CAs might well be in order.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW

