On Wed, 7 Jun 2006, Henrik Stoerner wrote:
It's not completely secure, because the CGI scripts that generate the detailed status allow you to tweak the hostname in the URL, so if you know the hostname of another customers' system, then you can get the data about the host.
That's the gist of it. There is probably some issues I've missed (reporting, for instance), but I hope that will get you started.
Thank you Henrik and Larry for the quick responses.
I did already try something a little more basic than this involving a shell script calling the bbgen command to create the reports on the split up bb-hosts files. It worked pretty well but it was a little too easy to end up seeing other hosts and reports in there.
So I think for ease of definite security (through separation), maintenance, and upgrades I will go with the different instances of Hobbit running on different ports.
Thanks for the great software work you've done here.
-ted