So I noticed that the default unauthenticated guest access allows anyone read access to most (all?) stuff. This is probably fine if access is available internally to a select group of people, but in larger environments, or when the interface is accessible from the internet, I think the option should be there to remove this kind of guest access.

Is this possible at all? I've looked at users and groups, and the default group (which I assume "guest" is a member of) does not have any of the permissions granted. If it's not currently possible, I'd like to create a feature request for it.

At the moment, we've added another layer of protection (user authentication with Apache) so we could safely allow access to our ONA instance from the internet.

Anton

interesting thought.

perhaps actually modify it such that permissions per user can be granted for viewable areas.

maybe just have something like

subnets : read only / full / none
hosts : read only / full / none

etc per user

it gives a bit more granularity.

feature request ill leave that one up to you!

maybe just have something like

subnets : read only / full / none
hosts : read only / full / none

etc per user

That certainly sounds like a Good Thing.

feature request ill leave that one up to you!

Done deal.

perfect - and matt will have time to get to it sometime in 2011 - real jobs ... who needs em!

I was waiting for this question...

I agree that I need to support this.. Up till now I just left it as I had originally used the thing. The whole user authentication thing is very minimal and could use a serious overhaul. I need to dig in to this part of the code again and see how easy it will be.. I would expect I could rig something up for now.

And yes Tim, it is a cruel cruel world we live in with all of this real work to be done!

I was waiting for this question...

it seems there are a lot of things you are waiting for someone to point out!

it all goes back to that damn work thing in the real world ... what the heck!