Forum: Cfengine Help Subject: Re: please advise on cfengine3 security design best practices Author: matter Link to topic: https://cfengine.com/forum/read.php?3,19246,19258#msg-19258
I don't quite see the security concern. I can see buffer overflows and such if not programmed correctly, but it is fine in this case. I like being able to do a bootstrap before the regular run. With this method I can use the splay time to for both update and run instead divining alternate methods with cron. This way the policy host doesn't get hammered all at once. Security can be excised to point where the tasks you are trying to do become impossible, and resorting to manual efforts would soon follow. Sometimes the cost to prevent a security vulnerability would cost more than the vulnerability could ever do. It is a delicate balance. _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
