[c-nsp] Looking-glass software?
Nick Hilliard
nick at foobar.org
Thu May 18 11:37:47 EDT 2017
Saku Ytti wrote:
> I don't think anyone who should write their own looking glass needs to
> be shown example how to do it.
>
> You are literally allowing anyone to inject data to your
> control-plane, it needs to be done right. I can immediately say you're
> not doing it right because you're not passing binary and arguments
> separately.
If the OP is looking for a looking glass, that's one thing. If they're
looking for a NOC customer diagnostics tool, I'm not sure that a looking
glass is really the best approach, and perhaps authorization-controlled
CLI access would be a better option.
If you want a properly secured LG, you need to separate out web-ui
commands from back-end access to the data source, with good quality
params validation in between. This is done in github.com/inex/birdseye,
but is specific to BIRD.
Nick
More information about the cisco-nsp
mailing list