Posted to dev@geronimo.apache.org by GitBox <gi...@apache.org> on 2020/02/27 22:15:15 UTC

[GitHub] [geronimo-metrics] rmannibucau commented on issue #4: Accepted hosts ip range

rmannibucau commented on issue #4: Accepted hosts ip range
URL: https://github.com/apache/geronimo-metrics/pull/4#issuecomment-592204867
 
 
   Second range not sure, but last two yes.
   Main issue is to ensure it is not just becoming a wildcard which breaks all security mechanisms.
   I'm not an expert but thought CIDR was related to subnet masks, so opening the door to forbidden calls (typically only Prometheus should be able to call and not other services of the same network).
   
   Using a custom impl was really the way to enable that network security, but the clean security setup was to use a real authentication - even just adding Tomcat basic auth using a tomcat-users.xml and configuring geronimo-metrics roles.
   
   What I mean is we shouldn't enable relaxing the enforcement at network level too much. Localhost relaxing is ok because you have access to the binaries anyway; others assume env setup.
   
   So here's what I'd do:
   
   1. Document how to override the validator if not clear enough (I can take this point)
   2. Potentially add a CDI event to plug a custom decider trivially if present (would enable you to plug any impl you want) - I can do it too if needed
   3. Maybe try role based security (works not bad with Prometheus and avoids any network whitelisting)
   4. If none works, use a range support forcing explicit IPs but not just subnet masks, which are almost wildcards and often leak forbidden hosts
   
   Hope it makes sense, wdyt?
   
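The point about subnet masks acting as near-wildcards, illustrated as an added example (not code from geronimo-metrics or from the comment author): a host validator that accepts explicit addresses and small ranges but refuses broad CIDRs, except for loopback, which the comment treats as acceptable. The prefix-length thresholds and the sample address list are assumptions made up for the illustration.

```python
import ipaddress

# Assumed policy thresholds: a range wider than /28 (IPv4) or /124 (IPv6)
# is treated as "almost a wildcard" and rejected unless it is loopback.
MAX_V4_WIDTH = 28
MAX_V6_WIDTH = 124


def hosts_admitted_by(entry):
    """How many addresses a single allow-list entry admits (the exposure it creates)."""
    return ipaddress.ip_network(entry, strict=False).num_addresses


def parse_allowed(entries):
    """Split allow-list entries into accepted networks and rejected (too broad) entries.

    Explicit hosts like "10.0.1.5" become /32 networks; loopback ranges are
    always accepted because a local caller already has the binaries anyway.
    """
    accepted, rejected = [], []
    for entry in entries:
        net = ipaddress.ip_network(entry, strict=False)
        limit = MAX_V4_WIDTH if net.version == 4 else MAX_V6_WIDTH
        if net.prefixlen < limit and not net.is_loopback:
            rejected.append(entry)
        else:
            accepted.append(net)
    return accepted, rejected


def is_allowed(remote_addr, networks):
    """True when the caller's address falls inside one of the accepted networks."""
    addr = ipaddress.ip_address(remote_addr)
    return any(addr in net for net in networks)


if __name__ == "__main__":
    # Constructed sample: one explicit Prometheus host, one broad range that
    # would also admit every other service on the same network, and loopback.
    accepted, rejected = parse_allowed(["10.0.1.5", "10.0.0.0/16", "127.0.0.1", "::1"])
    print("rejected as near-wildcard:", rejected)
    print("10.0.0.0/16 would admit", hosts_admitted_by("10.0.0.0/16"), "hosts")
    print("prometheus 10.0.1.5 allowed:", is_allowed("10.0.1.5", accepted))
    print("other service 10.0.1.77 allowed:", is_allowed("10.0.1.77", accepted))
```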
