On 8/6/2016 7:11 AM, Andreas Koch wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hallo all,
>
> many thanks for the extremely interesting discussions!
>
> I think that for our use case, the ``SD Calls Client'' directive would
> probably work best. Many thanks to the Bacula devs for adding it!
I'll second that! Many thanks.
> As for Josh's comment on potential security weaknesses due to spoofing the
> Director: While that problems certainly exists, it is alleviated by the fact
> that due to firewalling, the remote client outside of the firewall would
> accept connections to the FD _only from the internal network_, making
> spoofing a bit more difficult. Specifically, it would accept a connection
> from a single SD host in the (hopefully) secure internal network, which also
> has anti-spoofing rules in place.
It certainly can be secure. I would add that Bacula's authentication
also makes it very hard to spoof. My point was that it shifts the
security focus from one SD to potentially many clients. Now that I think
of it, though, this is probably not a feature one would use with very
many clients..
------------------------------------------------------------------------------
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
|