[c-nsp] Looking-glass software?

Nick Hilliard nick at foobar.org
Thu May 18 11:37:47 EDT 2017


Saku Ytti wrote:
> I don't think anyone who should write their own looking glass needs to
> be shown an example of how to do it.
> 
> You are literally allowing anyone to inject data to your
> control-plane, it needs to be done right. I can immediately say you're
> not doing it right because you're not passing binary and arguments
> separately.

If the OP is looking for a looking glass, that's one thing.  If they're
looking for a NOC customer diagnostics tool, I'm not sure that a looking
glass is really the best approach, and perhaps authorization-controlled
CLI access would be a better option.

If you want a properly secured LG, you need to separate out web-ui
commands from back-end access to the data source, with good quality
params validation in between.  This is done in github.com/inex/birdseye,
but is specific to BIRD.

Nick
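
The two points raised in this thread (binary and arguments passed separately, and parameter validation between the web UI and the back end) can be sketched as follows. This is an added example, not code from birdseye or from either poster; the back-end binary `rtr-query`, its arguments, and all function names are assumptions made for illustration.

```python
import ipaddress
import subprocess

class QueryRejected(ValueError):
    """Raised when a web-UI request does not map to an allowed back-end query."""

def _canonical(parser, raw):
    # Reject non-strings and IPv6 zone ids ("%..."), which may carry free text.
    if not isinstance(raw, str) or "%" in raw:
        raise QueryRejected("bad parameter")
    try:
        return str(parser(raw.strip()))  # re-serialised form, never the raw input
    except ValueError:
        raise QueryRejected("bad parameter") from None

def valid_prefix(raw):
    return _canonical(lambda s: ipaddress.ip_network(s, strict=False), raw)

def valid_host(raw):
    return _canonical(ipaddress.ip_address, raw)

# Hypothetical allowlist: UI command -> fixed argv for an assumed back-end
# binary "rtr-query"; (name, validator) tuples mark where a parameter goes.
COMMANDS = {
    "route": ["rtr-query", "show", "route", ("prefix", valid_prefix)],
    "ping": ["rtr-query", "ping", "--count", "3", ("host", valid_host)],
}

def build_argv(command, params):
    template = COMMANDS.get(command)
    if template is None:
        raise QueryRejected("unknown command")
    slots = {t[0] for t in template if isinstance(t, tuple)}
    if set(params) != slots:
        raise QueryRejected("unexpected or missing parameter")
    return [t if isinstance(t, str) else t[1](params[t[0]]) for t in template]

def run_query(command, params):
    # Binary and arguments stay separate list items; no shell ever parses them.
    argv = build_argv(command, params)
    return subprocess.run(argv, capture_output=True, text=True,
                          timeout=10, check=False)
```

The web layer only ever calls `run_query` with a command name and a parameter dict, so anything that is not a known command with a parseable address or prefix is rejected before a process is started.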

