About RIPE | Contact  | Search | Sitemap    
Homepage RIPE  
RIPE Community Mail Archives
search  
     
Next Sectionyou are here: RIPE -> RIPE Maillists > Archives
RIPE Navigation Ends
About RIPE Maillists
Maillists Archive
Global Lists
Non Active Lists
RIPE NCC Navigation Ends
Next Section
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

RE: RPSL authentication mechanisms

  • To: "'Andrei Robachevsky'" < >
    David Kessens < >
  • From: "Lu, Ping" < >
  • Date: Tue, 23 Apr 2002 10:17:10 -0400
  • Cc: "Lu, Ping" < >
    "'Cengiz Alaettinoglu'" < >
    "Larry J. Blunk" < >
    Shane Kerr < >
[snip]
> > 
> >>One easy way may be to translate/filter the query output to 
> mask the hash
> >>string with '*'
> >>based on where the query coming from. If the address is 
> authorized then pass
> >>the query output
> >>without filtering.
> >>
> > 
> > That's how I implemented it.
> 
> 
> The problem here is that you either need to map the address to a 
> particular mntner (or group of mntners), or to to allow all 
> authorised 
> users to see all the data uncensored. To say nothing about 
> maintaining 
> an acl of 7000 plus entries (# of mntners in the RIPE DB).
> 

That will be a full implementation, I am thinking more of a "admin only"
check like dbupdate be able to check the hash string from localhost.
Only some admin hosts can see all the hash strings but the regular users
won't
see any even for their own maintainer.


Ping Lu
Cable & Wireless USA
Network Tools and Analysis Group
W: +1-703-292-2359
E: plu@localhost
  • Post To The List:
<<< Chronological >>> Author    Subject <<< Threads >>>
 

Next Section
     About RIPE | Site Map | LIR Portal | About the RIPE NCC | Contact | © RIPE Community. All rights reserved.
RIPE.NET Homepage LIR Portal RIPE Community