Project

General

Profile

Actions
Copy link

Feature #32687

closed

Make the importing mechanism secure

Added by Lukas Zapletal over 3 years ago. Updated over 3 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Difficulty:
Triaged:
Yes
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

The current design relies on trusted_hosts feature, clients use HTTPS API and Foreman checks their hostname/client CN.

For smart_proxy_host_reports, similar approach can be taken - list of allowed CN names, since callback would be typically running on the same host, the configuration can be set to only trust to the same hostname.

Related issues 1 (1 open0 closed)

Related to Foreman - Tracker #31142: New report model and import/view mechanismNewLukas Zapletal

Actions
Actions
Copy link
 #1

Updated by Lukas Zapletal over 3 years ago

  • Related to Tracker #31142: New report model and import/view mechanism added
Actions
Copy link
 #2

Updated by Lukas Zapletal over 3 years ago

  • Status changed from New to Rejected
Actions
Copy link

Also available in: Atom PDF