On 2020-03-28 02:42, Matt Zagrabelny wrote:
Greetings,

Suppose I have a class foo that host A gets via its catalog. Suppose host B does not have foo in its catalog. Can host B do anything malicious to obtain the sensitive data in foo?

My puppet master is using an ENC to generate the classification of each host and then a roles + profiles design pattern and hiera for specific data.

Thanks for any hints or answers!


It is important that your server side logic uses $trusted when classifying on node since other facts cannot be trusted.

If B is compromised a malicious user could spoof facts in a request and pretend to be A. It cannot however spoof the certificate - and it contains the information that is in $trusted.

- henrik

-m

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected] <mailto:[email protected]>. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAOLfK3XO1msp%3DHQB9Lwnyy4GX6BLYBonO60sdWTZzOsTYzV4Vg%40mail.gmail.com <https://groups.google.com/d/msgid/puppet-users/CAOLfK3XO1msp%3DHQB9Lwnyy4GX6BLYBonO60sdWTZzOsTYzV4Vg%40mail.gmail.com?utm_medium=email&utm_source=footer>.


--

Visit my Blog "Puppet on the Edge"
http://puppet-on-the-edge.blogspot.se/
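
The point made in the reply above, as an added example that is not code from this thread or from the Puppet project: a minimal ENC sketch in Python that classifies only on the certname argument Puppet Server passes to the ENC, next to a fact-based lookup shown for contrast. Host names, class names and the `ROLES` table are constructed assumptions.

```python
#!/usr/bin/env python3
"""ENC sketch: classify on the certificate name only, never on agent facts."""
import re
import sys

# Constructed sample data (hypothetical hosts and role classes).
ROLES = {
    "hosta.example.com": ["role::foo"],   # foo carries the sensitive data
    "hostb.example.com": ["role::base"],
}
CERTNAME_RE = re.compile(r"^[a-z0-9._-]+$")


def classify(certname):
    """Trusted path: the key is the certname from the agent's certificate.

    Assumes the server identifies nodes by certificate (node_name = cert,
    the default), so this value matches $trusted['certname'].
    Returns None for malformed or unknown names so the caller fails closed.
    """
    if not CERTNAME_RE.match(certname):
        return None
    return ROLES.get(certname)


def classify_by_facts(facts):
    """Weak path, for contrast only: facts are reported by the agent itself,
    so a compromised host B can claim host A's fqdn and receive A's classes."""
    return ROLES.get(facts.get("fqdn", ""))


def render(classes):
    """Emit the YAML document an ENC prints on stdout."""
    return "classes:\n" + "".join(f"  - {c}\n" for c in classes)


def main(argv):
    if len(argv) != 2:
        return 1
    classes = classify(argv[1])
    if classes is None:
        return 1          # non-zero exit: catalog compilation fails
    sys.stdout.write(render(classes))
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The same rule applies to Hiera: hierarchy levels that select sensitive data should interpolate `trusted` values rather than facts.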
