On 2020-03-28 02:42, Matt Zagrabelny wrote:
Greetings,
Suppose I have a class foo that host A gets via its catalog. Suppose
host B does not have foo in its catalog. Can host B do anything
malicious to obtain the sensitive data in foo?
My puppet master is using an ENC to generate the classification of each
host and then a rolesĀ + profiles design pattern and hiera for specific data.
Thanks for any hints or answers!
It is important that your server side logic uses $trusted when
classifying on node since other facts cannot be trusted.
If B is compromised a malicious user could spoof facts in a request and
pretend to be A. It cannot however spoof the certificate - and it
contains the information that is in $trusted.
- henrik
-m
--
You received this message because you are subscribed to the Google
Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to puppet-users+unsubscr...@googlegroups.com
<mailto:puppet-users+unsubscr...@googlegroups.com>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/CAOLfK3XO1msp%3DHQB9Lwnyy4GX6BLYBonO60sdWTZzOsTYzV4Vg%40mail.gmail.com
<https://groups.google.com/d/msgid/puppet-users/CAOLfK3XO1msp%3DHQB9Lwnyy4GX6BLYBonO60sdWTZzOsTYzV4Vg%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
Visit my Blog "Puppet on the Edge"
http://puppet-on-the-edge.blogspot.se/
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/r5ng3b%24iuk%241%40ciao.gmane.io.
