Re: [Nagios-devel] NRPE/NSCA and SOAP/XML-RPC
Posted: Tue Jan 31, 2006 11:08 am
--1sPOHk9wyUr/csgM
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Jan 31, 2006 at 12:00:05PM -0600, Ethan Galstad wrote:
> I was thinking that communication between the NRPE/NSCA servers and=20
> their clients should be done using SOAP or XML-RPC. Any thoughts on=20
> this?
I'm in favor of standardized interfaces, especially if it can be
done with a cleartext interface -- all sorts of interesting ways
come up to talk to it.
> SSL to hide traffic (gSoap can handle this), but the traffic for NSCA=20
> is encrypted differently to both prevent replay attacks and provide=20
> some level of trust in the client. Perhaps this means that it=20
> doesn't make sense to use SOAP/XML-RPC for the NSCA addon? Or=20
> perhaps the entire SOAP message should be encrypted (as the non-SOAP=20
> message is now) before being sent, which would mean that I would need=20
> to write out the SOAP message myself, rather than using a library.
I'd suggest doing with a library, no sense reinventing the
wheel. The GPG libraries might be able to help you with the
encryption / trust part, and I think handling gpg keys is easier
than creating a new x509 CA.
-Jason Martin
--=20
This message is PGP/MIME signed.
--1sPOHk9wyUr/csgM
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: --no-verbose
iD8DBQFD37W0eDShAkRw0YoRAqc2AJ9VmVbT3otz0iX+KaOtF7nhhqfW/gCguzBz
3o38yvTajLWd7/vn2Io9XKc=
=WX0L
-----END PGP SIGNATURE-----
--1sPOHk9wyUr/csgM--
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Jan 31, 2006 at 12:00:05PM -0600, Ethan Galstad wrote:
> I was thinking that communication between the NRPE/NSCA servers and=20
> their clients should be done using SOAP or XML-RPC. Any thoughts on=20
> this?
I'm in favor of standardized interfaces, especially if it can be
done with a cleartext interface -- all sorts of interesting ways
come up to talk to it.
> SSL to hide traffic (gSoap can handle this), but the traffic for NSCA=20
> is encrypted differently to both prevent replay attacks and provide=20
> some level of trust in the client. Perhaps this means that it=20
> doesn't make sense to use SOAP/XML-RPC for the NSCA addon? Or=20
> perhaps the entire SOAP message should be encrypted (as the non-SOAP=20
> message is now) before being sent, which would mean that I would need=20
> to write out the SOAP message myself, rather than using a library.
I'd suggest doing with a library, no sense reinventing the
wheel. The GPG libraries might be able to help you with the
encryption / trust part, and I think handling gpg keys is easier
than creating a new x509 CA.
-Jason Martin
--=20
This message is PGP/MIME signed.
--1sPOHk9wyUr/csgM
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: --no-verbose
iD8DBQFD37W0eDShAkRw0YoRAqc2AJ9VmVbT3otz0iX+KaOtF7nhhqfW/gCguzBz
3o38yvTajLWd7/vn2Io9XKc=
=WX0L
-----END PGP SIGNATURE-----
--1sPOHk9wyUr/csgM--
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]