Yoshio Imai wrote: | Until revision 1642, it was possible to submit entries to a password-protected logbook using the elog client without supplying authentication information. With revision 1671 this is no longer possible. In principle this is good. However, many of our run control programs use the elog client (via rsh to the elog server computer) to submit automatic entries, which fails now. In order for this mechanism to work again, we would have to change the command-line call in the sources, including now the password in clear text. Since this can be considered a security issue, we would like to avoid it if at all possible. I guess my request would go in the direction of PAM support, but would it be possible to revert to the old behaviour as an option? (If you tell me where in the code to look, we could probably also comment out the respective lines ourselves so that you don't have extra work...) |
There was a quite strong request to not allow unauthorized access via the elog utility. People were also able to submit entries with the "curl" program without supplying authorization. So I rather would not like to go back to the old version. But I would propose a different scheme: We could save the username/password in a file on the server, which is maybe readable only by the owner. Then one could call elog with
elog ... -u @filename
so that the user name and password gets retrieved from the file on the server. This way the password does not have to be passwd over the network. BTW, you also could use ssh instead of rsh to prevent password being sent over the network in plain text.
Quote: |
The second remark is about attachment comments. When editing a logbook entry, the attachment upload buttons appear again, but without the comment. Shouldn't it be there, too? |
I'll have a look and fix it. |