From 5ceb315e3463eaa50abf43a4c07cb37d9486b1fd Mon Sep 17 00:00:00 2001
From: Melanie Thielker
Date: Wed, 1 Feb 2017 15:30:17 +0000
Subject: Secure sim stats with an (optional) password.

There is way too much in these stats to expose them to the world, at
least for some of us.
---
 OpenSim/Framework/Monitoring/StatsManager.cs | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'OpenSim/Framework')

diff --git a/OpenSim/Framework/Monitoring/StatsManager.cs b/OpenSim/Framework/Monitoring/StatsManager.cs
index 55c3276..a6b341f 100644
--- a/OpenSim/Framework/Monitoring/StatsManager.cs
+++ b/OpenSim/Framework/Monitoring/StatsManager.cs
@@ -47,6 +47,8 @@ namespace OpenSim.Framework.Monitoring
         // Subcommand used to list other stats.
         public const string ListSubCommand = "list";
 
+        public static string StatsPassword { get; set; }
+
         // All subcommands
         public static HashSet<string> SubCommands = new HashSet<string> { AllSubCommand, ListSubCommand };
 
@@ -302,6 +304,17 @@ namespace OpenSim.Framework.Monitoring
             int response_code = 200;
             string contenttype = "text/json";
 
+            if (StatsPassword != String.Empty && (!request.ContainsKey("pass") || request["pass"].ToString() != StatsPassword))
+            {
+                responsedata["int_response_code"] = response_code;
+                responsedata["content_type"] = "text/plain";
+                responsedata["keepalive"] = false;
+                responsedata["str_response_string"] = "Access denied";
+                responsedata["access_control_allow_origin"] = "*";
+
+                return responsedata;
+            }
+
             string pCategoryName = StatsManager.AllSubCommand;
             string pContainerName = StatsManager.AllSubCommand;
             string pStatName = StatsManager.AllSubCommand;
-- 
cgit v1.1