Mar 29, 2021
11:04 AM
Dear $_ The web application presently employ LDAP(S) or a local database to authenticate the user to the system. For several reasons, that technique becomes obsolete. (a local user db is a security problem, no matter which encryption is used). Therefore it is mandentory to improve the authentication in the near future. Is there any roadmap to implement a more sophisticated authentication method (preferable SAML in my case). Moreover, it is either preferred to exclude the authorisation (role mapping) from the system using attributes in the SAML ticket. Kind Regards, Stefan Pauleweit
... View more
- Tags:
- Feature Request
Nov 24, 2020
04:41 AM
Hi Philipp (@pseidel), sure, I called him today. We figured out a way to fulfill both requirements. SecIssue and the no change order in the VCenter interface. To update the last component, I'll wait for the info and our internal approval then. Kind regards, Stefan
... View more
Nov 20, 2020
10:31 AM
Dear @pseidel Maybe you got me wrong. If the VCenter connector, a PS Script, is extended and so the load of data from the VCenter, I need to inform the product lead of our infrastructure team about that differences of the interface in advance (easiest way is to send the new PS and a documentation). There are some more reasons, which I will not discuss here, why I can't simply deploy an inferface change yet. If the interface is not changing at all, but the information already saved in the *swrd is interpreted in a different way, the handling is easy. Otherwise the switch may be on by design, I'll switch it off by default. As long as I have the approval of a number of people. That will take time. I would not deploy soon, but... Security Issue So, if there is any change in the interface for getting data from the VCenter, you need to provide that switch proactive. Please clarify " vCenter Connector has also been delivering data from the running virtual systems and thus delivering more data to Spider": is the export of the connector a change in the interface to the VCenter (getting more data) or is it a change in handling already exisiting data. (If that switch is not enabling the former approved behaviour of the interface to the VCenter, please inform me too.) It is also true for interfaces to AD, SCCM and so on. (btw. SCCM connector seems to be slow in general) I'm very waiting for the information of that Security Issue. Regards Stefan
... View more
Nov 20, 2020
07:49 AM
1 Kudo
Dear @pseidel Since the September version, the vCenter Connector has also been delivering data from the running virtual systems and thus delivering more data to Spider. Accordingly, assets with some system data are visible, even if no additional inventory is made. If this functionality leads to problems, the extension of the guest details can be deactivated. Because of the well know vcenter problem, we still use SDC v1.2007. If there is a security issue, it is mandatory to update asap, but we also need to disable the new functionallity for several reasons temporally. So... where to find the description of the connectors attribute to disable the functionallity? The manual of the SDC in the download portal isn't updated since a while ago (v1.2003). If there is a security issue, where can I find basic information? CVSS, CVE, affected versions? If the Columbus Inventory Scanner is involved, I need detailed information about that issue! The post is not very clear in that point. Regards Stefan
... View more
Latest posts by stefan_paulewe
Subject | Views | Posted |
---|---|---|
341 | Mar 29, 2021 11:04 AM | |
2434 | Nov 24, 2020 04:41 AM | |
2525 | Nov 20, 2020 10:31 AM | |
2558 | Nov 20, 2020 07:49 AM |
Activity Feed
- Kudoed EN/DE Removal of old Data Collectors from Spider for james_ellis. Jun 10, 2021 08:34 AM
- Posted Better authentification methods available? on Spider Forum. Mar 29, 2021 11:04 AM
- Tagged Better authentification methods available? on Spider Forum. Mar 29, 2021 11:04 AM
- Posted Re: Spider Software Services - October and November 2020 update on Spider Release Blog. Nov 24, 2020 04:41 AM
- Got a Kudo for Re: Spider Software Services - October and November 2020 update. Nov 23, 2020 03:36 AM
- Posted Re: Spider Software Services - October and November 2020 update on Spider Release Blog. Nov 20, 2020 10:31 AM
- Posted Re: Spider Software Services - October and November 2020 update on Spider Release Blog. Nov 20, 2020 07:49 AM