Skip to content
This repository has been archived by the owner on Jan 15, 2019. It is now read-only.

[dev.icinga.com #1279] Security Options for PNP Integration #336

Closed
icinga-migration opened this issue Mar 8, 2011 · 5 comments
Closed

Comments

@icinga-migration
Copy link

This issue has been migrated from Redmine: https://dev.icinga.com/issues/1279

Created by jhein on 2011-03-08 10:56:47 +00:00

Assignee: (none)
Status: Rejected (closed on 2013-03-11 12:37:19 +00:00)
Target Version: (none)
Last Update: 2013-03-11 12:37:19 +00:00 (in Redmine)


Currently the PNP Integration in Icinga does not have any security checking. If you know the URL to any PNP Chart, you can easily view other charts, even if you do not have access to them. It would be great if PNP does not deliver the HTML code of PNP directly, instead we could create a Icinga PHP file that checks user restrictions first, and then query PNP for the data and deliver that data to the user. PNP itself can than be restricted with an htaccess setting to not deliver content directly. but only via Icinga's script.

@icinga-migration
Copy link
Author

Updated by jmosshammer on 2011-09-26 15:57:53 +00:00

  • Status changed from New to Closed

@icinga-migration
Copy link
Author

Updated by jmosshammer on 2011-09-26 15:58:17 +00:00

  • Category set to Authorization
  • Status changed from Closed to New
  • Target Version set to 76

@icinga-migration
Copy link
Author

Updated by mfriedrich on 2011-12-08 12:39:37 +00:00

  • Target Version changed from 76 to 1.8

@icinga-migration
Copy link
Author

Updated by jmosshammer on 2012-09-03 14:15:45 +00:00

  • Target Version changed from 1.8 to 1.9

@icinga-migration
Copy link
Author

Updated by mfrosch on 2013-03-11 12:37:19 +00:00

  • Status changed from New to Rejected
  • Target Version deleted 1.9

This authorization issue should be fixed by PNP, Icinga Web only displays the images from PNP.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

1 participant