[ZBXNEXT-2904] Option to securely pass sensitive arguments to External check and User parameter Created: 2015 Aug 15 Updated: 2021 Apr 08 |
|
Status: | Open |
Project: | ZABBIX FEATURE REQUESTS |
Component/s: | Agent (G), Proxy (P), Server (S) |
Affects Version/s: | 2.2.10 |
Fix Version/s: | None |
Type: | New Feature Request | Priority: | Major |
Reporter: | Marc | Assignee: | Unassigned |
Resolution: | Unresolved | Votes: | 1 |
Labels: | externalchecks, security, userparameters | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
Command line arguments or environment variables can easily be exposed via the /proc file system. Since Now I wonder whether it is feasible to improve External check and User parameter functionality to be usable for such cases too - to get sensitive data passed more securely. The only way I currently can think of is by optionally passing data to stdin of the custom command. I've no clue whether it should rather be configurable in a fixed format with two variables only (username and password) or a free form field supporting line breaks. The first allows to use existing form fields. The latter provides maximum flexibility for instance to adapt a format that is already supported by a given custom command. I know, without something like |
Comments |
Comment by Justin Addams [ 2021 Apr 08 ] |
If I understand correctly, this is still an issue experienced even when using the new secure macros? |