On Fri, Mar 1, 2013 at 3:40 PM, <cleaver at terabithia.org> wrote:
[snip]
Perhaps user/pass authentication could be added, but "real" security at the report-submission level would be SSL-handshaking at the port with any local keys controlled by standard unix/host access controls (or HTTPS and xymonmsgcgi.msg and appropriate user/pass auth info after the SSL tunnel is set up). The bits and pieces are in trunk, but I'm not sure what their current working state is...
I'm currently using xymoncgimsg.cgi to catch status messages sent over HTTPS via curl. For what I'm doing, the client-side xymon binary can be replaced by a script.
I'm not using client-side certificates, though that ought to be fairly easy to add. The problem with any client-side userid/password/certificate is that you have to have a plain text password or key somewhere, so the whole security chain could unravel if not done right.
Ralph Mitchell
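
The setup discussed in this message, as an added example that is not part of the original thread or Xymon's own code: a shell script standing in for the client-side xymon binary, which posts a status message to xymoncgimsg.cgi over HTTPS with curl and a client certificate, and refuses to send if the private key is accessible to anyone but its owner. The URL, file paths and function names are placeholders, and it assumes the CGI takes the raw message as the POST body.

```shell
#!/bin/sh
# Added example. URL and paths are placeholders; function names are hypothetical.
XYMON_URL="${XYMON_URL:-https://xymon.example.com/xymon-cgi/xymoncgimsg.cgi}"
CLIENT_CERT="${CLIENT_CERT:-/etc/xymon-client/client.crt}"
CLIENT_KEY="${CLIENT_KEY:-/etc/xymon-client/client.key}"
CA_FILE="${CA_FILE:-/etc/xymon-client/ca.crt}"

# Build a Xymon status message: "status HOST.TEST COLOR date" plus a text body.
# Dots in the hostname are written as commas so HOST.TEST parses unambiguously.
build_status_msg() {    # args: hostname testname color text
    case "$3" in
        green|yellow|red|clear|purple|blue) ;;
        *) echo "invalid color: $3" >&2; return 1 ;;
    esac
    host=$(printf '%s' "$1" | tr '.' ',')
    printf 'status %s.%s %s %s\n%s\n' "$host" "$2" "$3" "$(date)" "$4"
}

# Succeed only if FILE is a regular, non-symlink file with no group/other
# permission bits set, i.e. the key is usable by its owner alone.
secret_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)    # the group and other rwx columns
    [ "$perms" = "------" ]
}

# Send one status message; the key's permissions are checked on every run,
# so a later chmod mistake stops reports instead of silently exposing the key.
send_status() {
    secret_is_private "$CLIENT_KEY" || {
        echo "refusing to send: $CLIENT_KEY missing or open to group/other" >&2
        return 1
    }
    msg=$(build_status_msg "$@") || return 1
    # --cacert pins the CA that signed the server; --cert/--key authenticate us.
    printf '%s' "$msg" | curl --silent --show-error --fail \
        --cacert "$CA_FILE" --cert "$CLIENT_CERT" --key "$CLIENT_KEY" \
        --data-binary @- "$XYMON_URL"
}

# Usage: script.sh send HOSTNAME TESTNAME COLOR "text"
if [ "${1:-}" = "send" ]; then
    shift
    send_status "$@"
fi
```

Running the script under a dedicated account that owns the key keeps the plain-text secret behind ordinary Unix access controls, which is the condition both posters point to.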