Comment 5 for bug 881406

mortheres (mortheres) wrote:

Hi,

We have just fixed this security issue on the server side (web console and engine) and on the Unix agent side:

http://bazaar.launchpad.net/~ocsinventory-core/ocsinventory-ocsreports/stable-2.0/revision/797
http://bazaar.launchpad.net/~ocsinventory-dev/ocsinventory-server/stable-2.0/revision/686
http://bazaar.launchpad.net/~ocsinventory-dev/ocsinventory-unix-agent/stable-2.0/revision/1069

We decided to no longer use snmp_com.txt, and SNMP communities data is stored in the database. The OCS server passes SNMP communities data to the agent at the PROLOG step. SNMP communities data is sent only if the OCS agent communicates with the OCS server using HTTPS and if the OCS agent DEVICEID is already known in the database.

We removed the Apache "Alias" configuration from the ocsinventory-reports.conf file and we removed the SNMP configuration steps from the setup.sh script. Moreover, we added a treatment in the OCS Unix agent postinst.pl script to remove the snmp_com.txt file if it exists on the agent side.

All of this will be integrated in the future OCS 2.0.3 release.

Kind regards,

Guillaume
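
A post-upgrade check for the two remnants this comment says were removed, written as an added example and not taken from the OCS code base: it reports any active Apache `Alias` in a given config file whose target directory still holds snmp_com.txt, and any snmp_com.txt left in the directories passed to it. The function names and output labels are hypothetical, and all paths are supplied by the caller because the comment does not give install locations.

```shell
#!/bin/sh
# Added example, not OCS Inventory project code. Function names and the
# ALIASED/LEFTOVER labels are hypothetical. Paths containing spaces are
# not handled.

# Print the filesystem target of every active "Alias" directive in an
# Apache config file. Commented-out lines are skipped because their first
# field is not "alias"; surrounding double quotes are stripped.
alias_targets() {
    awk 'tolower($1) == "alias" && NF >= 3 { t = $3; gsub(/"/, "", t); print t }' "$1"
}

# audit_snmp_file CONF [DIR...]
# Prints one finding per line. Returns 0 when nothing is found, 1 otherwise.
audit_snmp_file() {
    conf=$1
    shift
    found=0
    if [ -f "$conf" ]; then
        for target in $(alias_targets "$conf"); do
            if [ -f "${target%/}/snmp_com.txt" ]; then
                echo "ALIASED ${target%/}/snmp_com.txt (Alias target in $conf)"
                found=1
            fi
        done
    fi
    for dir in "$@"; do
        if [ -f "${dir%/}/snmp_com.txt" ]; then
            echo "LEFTOVER ${dir%/}/snmp_com.txt"
            found=1
        fi
    done
    return "$found"
}

# Stand-alone use: audit.sh /path/to/ocsinventory-reports.conf DIR...
if [ "$#" -gt 0 ]; then
    audit_snmp_file "$@"
fi
```

Any finding means the plaintext community file is still on disk; after the upgrade described above, a clean host produces no output and exit status 0.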