web authentication

[chjohnst]

Implementing a change like this is useful for protecting (non-admins) from changing configurations

[Dieterbe]

any reason why we should implement this in carbon-relay-ng itself? don't people typically implement this by putting a proxy nginx/apache in front that does authentication? either way this requirement seems pretty far fetched. the admin ui should only be visible to people within your organisation (protected network), and why would anyone in your organisation try to do harm (if that's even possible) by maliciously changing metrics routing settings? this looks like a solution to a non-problem to me.

[chjohnst]

Fair enough, I had considered sticking a proxy in front of it just to prevent non-admins from doing stuff. This is not so much a concern for protecting it from malicious people, but more about protecting it from non-admins accessing the system. I work for a hedgefund so we have some strict security policies before putting applications into production.

[Dieterbe]

ok, so do you think putting a proxy with authentication in front is a reasonable solution? i would rather not put stuff like this in the relay itself (unless there's a good reason for it)

[chjohnst]

I think that's an attainable solution for what I am trying to achieve.