BSDstats Project v2.0 ...

Matthew Seaman m.seaman at infracaninophile.co.uk
Fri Aug 11 16:28:18 UTC 2006


Paul Schmehl wrote:
 
> 1) encrypt the data being fed to your systems by the script - this
> should be relatively easy using keys and would ensure that a man in the
> middle attack would fail.  You can connect using ssh and a unique key
> without having to reveal passwords to anyone.

Uh... HTTPS surely?  Because it's relatively simple to implement on both
client and server, doesn't require extra software installed on every client
beyond the monthly stats script itself and because of the way that HTTPS
uses a one-sided Diffie-Hellman exchange to create session keys which means
that you don't have any trouble with key management on the many thousands
of client boxes out there...

In which case rewriting the monthly_stats script to send all the data to
the server in one transaction would be a pretty good optimization.  It's
a pity that fetch(1) doesn't have the capability to do a HTTP POST rather
than a GET though, given the amount of stuff to send.

As a matter of interest, does the FreeBSD project or any of the other
*BSDs have a CA anywhere that could sign the bsdstats web server cert?
If not, then I guess some sort of appeal to raise the cash to get a
cert signed by one of the Root CAs might well be in order.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       7 Priory Courtyard
                                                      Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey         Ramsgate
                                                      Kent, CT11 9PW
