
It's MIT-licensed, which is great. I don't so much need a web interface to grep on my own servers, but would very much like to embed something like this into my product.

I can imagine it would be extremely useful to an ops team; my whole life is driven off my browser bookmark bar, and this presumably lets people bookmark server logs.

Under the hood, this is single-threaded EventMachine, using EventMachine::popen to relay output from processes to the client, and HTTP chunked encoding to push results to the browser. It's HTTP Basic Auth only, and it runs Actual Unix Commands, so make that password good.

Nicely done!




Yeah, that's a good point. You really don't want to have someone else access your clarity installation. This takes URL parameters and runs them on the command line. Probably the most insecure thing invented by man. Hide it well.


No, the most insecure things invented by people take URL parameters from unauthenticated requests and run them on the command line.

I didn't audit the code or anything, but all the request processing is gated by a function that requires HTTP basic-auth, which is at least hard to screw up. To accidentally add a function that bypasses auth, they'd have to write an entire new request handler chain.

That said, I noticed the same thing (popen), and if I was going to integrate this with our product, I'd hardcode the command line.
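
The "hardcode the command line" idea from the comment above, as an added sketch that is not part of the thread and not the project's own code. It uses Ruby's standard `Open3` rather than EventMachine; the log names, paths, tool table and length limit are assumptions made for illustration.

```ruby
require "open3"

# Assumed allowlist: short log name -> fixed path (names and paths are constructed).
LOGS = {
  "app"    => "/var/log/app/production.log",
  "syslog" => "/var/log/syslog",
}.freeze

# Each command line is fixed in code; a request can only select one of them.
TOOLS = {
  "grep" => ->(term, path)  { ["grep", "-F", "-e", term, "--", path] },
  "tail" => ->(_term, path) { ["tail", "-n", "100", "--", path] },
}.freeze

class RejectedRequest < StandardError; end

# Map request parameters to an argv array. Nothing from the request is
# concatenated into a shell string: the file is looked up by name, and the
# search term is passed as exactly one argv element after -e.
def build_argv(params, logs: LOGS)
  tool = TOOLS[params["tool"]] or raise RejectedRequest, "unknown tool"
  path = logs[params["file"]]  or raise RejectedRequest, "unknown log"
  term = params.fetch("term", "").to_s
  raise RejectedRequest, "bad term" if term.include?("\0") || term.bytesize > 256
  tool.call(term, path)
end

# Run without a shell: given several arguments, Open3 executes the program
# directly, so metacharacters in the term reach grep as literal text.
def run_query(params, logs: LOGS)
  out, status = Open3.capture2e(*build_argv(params, logs: logs))
  [out, status.exitstatus]
end
```

A term such as `ok; echo` is matched by `grep -F` as a fixed string, and a `file` value that is not a key in the allowlist is rejected before any process starts.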



