← Back to team overview

graphite-dev team mailing list archive

  1. graphite-dev team
  2. Mailing list archive
  3. Message #02058

Re: [Question #186507]: Restrict access to graphite

  Thread PreviousDate PreviousThread Next 
Question #186507 on Graphite changed:
https://answers.launchpad.net/graphite/+question/186507

    Status: Open => Answered

Nicholas Leskiw proposed the following answer:
1. Not really. There's a whitelist function, but if the 'bullshit' data
matches the whitelist, it'll get in.

2. No, using apache is the recommended way.

3. No.

4. No.

It sounds like the best bet for you is to make graphite unavailable to
everyone except yourself, then wget/curl sets of  graph images, host
them on a second apache server, and not let anyone into the graphite
interface directly.

Graphite was not designed with security in mind, it was aimed at an open
enterprise environment where business units didn't have to hide data
from other business units.

-Nick

On Feb 1, 2012, at 8:11 AM, [CSG] Kamil
Rogoń<question186507@xxxxxxxxxxxxxxxxxxxxx> wrote:

> New question #186507 on Graphite:
> https://answers.launchpad.net/graphite/+question/186507
> 
> Hello, a few questions about security.
> 
> 1. Is it possible not to accept new data from graphite port? I mean accept only this names which are already inside. If firewall allows to connect to graphite port anyone can send me bullshit via telnet.
> 
> 2. Is it possible to require login to view data? I deactivated user "default" but this does not work that way. I've read one question from 2008 that only .htacces can help. Anything changed from that time?
> 
> 3. Is it possible to show specified data (recognized by name) only to certain graphite users? Ex. divide financial / technical data.
> 
> 4. Is it possible to limit showing saved "user graph" only to owner of this user? Or some switch while saving if graph should be public?
> 
> Best regards,
> k.
> 
> -- 
> You received this question notification because you are a member of
> graphite-dev, which is an answer contact for Graphite.
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~graphite-dev
> Post to     : graphite-dev@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~graphite-dev
> More help   : https://help.launchpad.net/ListHelp

-- 
You received this question notification because you are a member of
graphite-dev, which is an answer contact for Graphite.
  Thread PreviousDate PreviousThread Next