[Opensim-dev] ConsoleClient -pass option

Dickson, Mike (ISS Software) mike.dickson at hp.com
Fri Sep 4 15:05:09 UTC 2009 

Thanks for the pointer Melanie. No I wasn't aware of it.  I'll have a look. 

I'm pretty sure I don't agree however that a simple GET/PUT interface is somehow just better than (dated!) XML/RPC (or some other protocol where the on the wire data types are actually defined). That's creeping towards a religious discussion however so I'll drop it. Having the console functionality packages separate like this is the important "feature" IMO. 

Mike

-----Original Message-----
From: opensim-dev-bounces at lists.berlios.de [mailto:opensim-dev-bounces at lists.berlios.de] On Behalf Of Melanie
Sent: Friday, September 04, 2009 9:59 AM
To: opensim-dev at lists.berlios.de
Subject: Re: [Opensim-dev] ConsoleClient -pass option

Have you ever looked at the REST console? That is precisely what it 
does, it removes the local console, enabling the process to run as a 
daemon, and allows remote connections from a console application.

Only, it doesn't use the (dated) XMLRPC, it uses RESTful requests.

XMLRPC admin is only available in region servers, and is too limited 
a tool even if "beefed up" to ever replace a console.

Melanie

Dickson, Mike (ISS Software) wrote:
> Right.  That gets around the issue.  BTW, if the server is running SNMP or something that gives access to the process list this problem can leak outside the local machine.  I don't for sure but I'm guessing you could have the same issue in Windows with WMI.
> 
> IMO, the right answer is to dump the consoles, beef up the XML/RPC admin interface and if desired do a separate "console app" that parses and sends the XML/RPC to the server.  I've been noodling on that but still struggling with a stable config with the new "BUST" architecture.
> 
> Mike
> 
> -----Original Message-----
> From: opensim-dev-bounces at lists.berlios.de [mailto:opensim-dev-bounces at lists.berlios.de] On Behalf Of Dr Scofield
> Sent: Friday, September 04, 2009 3:19 AM
> To: opensim-dev at lists.berlios.de
> Subject: Re: [Opensim-dev] ConsoleClient -pass option
> 
> 
> Dickson, Mike (ISS Software) wrote:
>> I'd agree with Dave on this one.  Just a simple long ps listing gets you the password if its on cleartext on the command line.  At least the file can be locked down via permissions.  A password on the command line is pretty much insecure. Might as well not have one.
> 
> ...unless you rewrite argv (which is standard practise for stuff like that).
> 
> 	DrS/dirk
> 
>> 
>> Mike
>> 
>> -----Original Message-----
>> From: opensim-dev-bounces at lists.berlios.de [mailto:opensim-dev-bounces at lists.berlios.de] On Behalf Of Melanie
>> Sent: Thursday, September 03, 2009 10:02 PM
>> To: opensim-dev at lists.berlios.de
>> Subject: Re: [Opensim-dev] ConsoleClient -pass option
>> 
>> It's choosing the lesser evil.
>> 
>> Melanie
>> 
>> 
>> Dave Coyle wrote:
>>> On Thursday 03 September 2009 03:00:46 pm  wrote:
>>>> commit 6b70b5709913e9734f5864560e997b34dfd58b85
>>>> Author: Justin Clark-Casey (justincc) <jjustincc at googlemail.com>
>>>> Date:   Thu Sep 3 20:00:18 2009 +0100
>>>>
>>>>     * Add extra warning about using -pass in
>>>> OpenSim.ConsoleClient.ini.example
>>>>
>>>> <...>
>>>>
>>>> +    ; Please be aware that this is not secure since the password is in the
>>>> clear +    ; we recommend the use of -pass wherever possible
>>>>      ;pass = secret
>>>
>>> Is the password not also in the clear, visible to any local user who does a 
>>> 'ps', if you use the -pass switch?  Access to OpenSim.ConsoleClient.ini can at 
>>> least be restricted to specific user(s).  I don't see how -pass is the lesser 
>>> of the two evils.
>>>
>>> -coyled
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> Opensim-dev mailing list
>>> Opensim-dev at lists.berlios.de
>>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>> _______________________________________________
>> Opensim-dev mailing list
>> Opensim-dev at lists.berlios.de
>> https://lists.berlios.de/mailman/listinfo/opensim-dev
>> _______________________________________________
>> Opensim-dev mailing list
>> Opensim-dev at lists.berlios.de
>> https://lists.berlios.de/mailman/listinfo/opensim-dev
> 
> 
_______________________________________________
Opensim-dev mailing list
Opensim-dev at lists.berlios.de
https://lists.berlios.de/mailman/listinfo/opensim-dev

More information about the Opensim-dev mailing list