[HECnet] Question for PyDECnet users
Robert Armstrong
bob at jfcl.com
Thu Sep 24 14:25:31 PDT 2020
FWIW, I don't care if my IP or FQDN is displayed for either option.
Neither is especially secret. And in my view, security thru obscurity is
not especially effective.
Which reminds me - I need to get some of my HECnet link partners to enable
passwords on their connections...
Bob
-----Original Message-----
From: owner-hecnet at Update.UU.SE [mailto:owner-hecnet at Update.UU.SE] On Behalf
Of Paul Koning
Sent: Thursday, September 24, 2020 2:16 PM
To: <hecnet at update.uu.se>
Subject: [HECnet] Question for PyDECnet users
Gentlepeople,
Currently the details of what PyDECnet circuits connect to are not
displayed. So you can see that a Multinet circuit is up and the other end
is node 42.73, but you don't see the IP addresses or the like.
When things are working that's fine; when they are broken it might be
helpful to see what something is trying to talk to.
On the other hand, hiding IP addresses is arguably a security feature. So I
have this question:
1. Should the addressing info (basically, what's in the --device config
argument) be shown in the PyDECnet web interface?
2. Should the addressing info be visible via NCP / NML?
The difference is that #1 can be limited to be local only, if you use an
internal address for the web service. That's what I do for my nodes except
for the mapper, though perhaps there isn't a strong argument why it should
be so restrictive. #2, on the other hand, is visible to all HECnet users
assuming you haven't disabled NML in your config settings.
I'd be interested in comments. Am I too concerned about hiding information,
or is it sensible to be cautious?
paul
More information about the Hecnet-list
mailing list