With dbedit it is possible to start operations without authenticating: dbedit -local ... does not require entering an adminname and password.
mgmt_cli always needs a login phase to start the session.
For scripts (like those run from cron) this means that the adminname and credentials must somehow be available to the script.
Consequently, if the developer or sysadmin keeps a backup of the script, there is not only the functionality of the script, but also the credentials to gain access to the management server.
Personally, I would prefer to let the script focus on the functionality, and not hold credentials that might be changed independently (making the script fail on the next run after restore) or fall into unauthorized hands, who might then abuse them via the GUI ...
Would it make sense to formulate a feature request?
- allow unauthenticated API access if connecting from/to 127.0.0.1 (like dbedit -local now)
- extend permission profile to state: API login only
  (if the API is only accessible on 127.0.0.1 - the default - the account cannot be abused via GUI)
- extend permission profile to hold: source IP from where this administrator can connect
  (if we could specify 127.0.0.1 there, abuse via GUI gets harder - it would need ssh port forwarding
  and hence that admin would already need a Gaia login account to the management server)
- both of the above: "API login only" + "allowed source IP"
Your thoughts on this?
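An audit for the exposure described in the post, as an added example that is not part of the original post: it scans script text for mgmt_cli invocations that carry a password and reports whether the value is a literal (it travels with every backup of the script) or a shell variable (the secret lives elsewhere). The sample script, the account name, the password and the function names are constructed, and the set of password arguments checked is an assumption about how the scripts pass credentials.

```python
import shlex

# Constructed sample: a cron script of the kind the post describes.
SAMPLE_SCRIPT = '''#!/bin/bash
# nightly export
mgmt_cli login user "cron_admin" password "Example-Pass-1" > /tmp/sid.txt
mgmt_cli -s /tmp/sid.txt show hosts --format json
mgmt_cli -u cron_admin -p "$API_PASS" \\
    show networks
mgmt_cli logout -s /tmp/sid.txt
'''

# Assumed ways a script hands mgmt_cli a password on the command line.
PASSWORD_KEYS = {"password", "-p", "--password"}


def logical_lines(text):
    """Yield (first_line_no, line) with backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = no if start is None else start
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None
    if buf:
        yield start, buf


def find_inline_credentials(text):
    """Return [(line_no, 'literal' | 'variable')] per mgmt_cli password argument."""
    findings = []
    for no, line in logical_lines(text):
        if line.lstrip().startswith("#") or "mgmt_cli" not in line:
            continue
        try:
            # posix=False keeps the quotes, so "$VAR" and 'text' stay distinguishable
            tokens = shlex.split(line, posix=False)
        except ValueError:  # unbalanced quote: fall back to whitespace split
            tokens = line.split()
        for key, value in zip(tokens, tokens[1:]):
            if key in PASSWORD_KEYS:
                # Only an unquoted or double-quoted $VAR is expanded by the shell
                expands = value.lstrip('"').startswith("$")
                findings.append((no, "variable" if expands else "literal"))
    return findings
```

A "literal" finding marks a script whose copies and backups contain a usable management password; a "variable" finding still needs a check of where that variable is set and who can read it.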