Unlike SSH, HTTPS is_only_ an encrypted channel. What does that mean?
Well in my Database of Dot Sig Quotes there is this;
Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit card information from someone living in a cardboard box to someone living on a park bench. -- Gene Spafford
What you describe is asking for authentication at the park bench end of things, after the encrypted channel has been set up. Anyone with a browser can get that far.
The authentication you go on to describe is not particularly impressive. Someone could have hacked in to the browser making the connection before the connection was set up. It's just a password. The site is internal only and will never allow external connections. How could I log in securely if not using their password? As for 'doing it from the command line', most reasonable, modern *NIX breeds won't allow a root login from the Internet as a CLI. You have to be physically present at the console or log in and leave an audit trail using conventional accounts via SSH. Unless they login as themselves type sudo before the command or use su
Making an interface that is dumb enough for them opens up too many possibilities for some sophisticated hacker. Which is why I have been asked to write this program. The interface will only allow executing specific commands and scripts and only by
On 23/08/17 13:30, Anton Aylward wrote: then they can run it anyway. privileged users in the sudo group. The reason I am posting is to find out a simple secure way of doing this. Writing a system service could work but then that service will have full root access. I only want access granted to a handful of commands (such as adding entries in cron for maintenance jobs and creating new users). -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org