Forum: CFEngine Help Subject: Re: Restricting access to the cfengine3 policy server promise files based on cfengine3 client level groups. Author: sauer Link to topic: https://cfengine.com/forum/read.php?3,24135,24185#msg-24185
neilhwatson Wrote: ------------------------------------------------------- > More often than not it is not worth the trouble of > restricting policy downloads of Cfengine clients. > The policies are small and usually have no private > information. Anyone managing local account passwords with CFEngine should be restricting access to the policies containing those passwords, and only distributing the portion of the policy (or the remote scalar) relevant to a given machine. Otherwise, a breach on one machine has potential to become a breach on all managed machines. Unless we're talking about a site where every user is identical on every system, I suppose. :) _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
