Hello Mikrotik,
I've been trying to run scripts on Mikrotik in a secure manner (see my post here).
What I mean by secure manner is: Allow any anonymous/very low permissioned user to run a script that could do higher level things like reboot/modify config.
This is analogous to how CGI/PHP scripts are executed on a webserver where anonymous users can request script execution and a higher level process will execute it and return results.
The issue I'm trying to solve is establishing trust boundaries where Mikrotik should not have to trust an external server/NIX box by giving SSH access with read/write permissions. Mikrotik should be a self-contained secure unit - this reduces the number of different places we need to worry about security.
In the post above, use of SNMP was suggested. While this seems possible, we get into similar types of security holes:
1. We have to enable SNMP write access to the internet. This is very hard to manage.
2. Today, OIDs that allow write are limited, so we may blacklist them; however, if new OIDs are added with write in future versions, then we have a hole.
3. A possible way could be whitelisted OIDs for SNMP write.
Could you please comment on the above possibilities?
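
The blacklist-versus-whitelist concern in points 2 and 3, shown as an added example that is not part of the original post or of RouterOS: a blacklist of writable OIDs lets through a writable OID introduced by a later release, while a whitelist rejects it. All OIDs are constructed placeholders under 1.3.6.1.4.1.32473, the enterprise arc reserved for documentation, and the function names are hypothetical.

```python
# Constructed OIDs under the documentation enterprise arc (RFC 5612).
# They are placeholders, not real RouterOS OIDs.
RUN_SCRIPT = "1.3.6.1.4.1.32473.1.8"       # writable today, meant to be exposed
REBOOT = "1.3.6.1.4.1.32473.1.7"           # writable today, must stay blocked
NEW_IN_UPGRADE = "1.3.6.1.4.1.32473.1.80"  # hypothetical OID added by a later release


def parse_oid(text):
    """Turn dotted text into a tuple of ints, rejecting malformed input."""
    parts = text.strip().removeprefix(".").split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"malformed OID: {text!r}")
    return tuple(int(p) for p in parts)


def under(oid, subtree):
    """Component-wise subtree test. A plain string startswith() would
    wrongly treat ...1.80 as being inside ...1.8."""
    return oid[:len(subtree)] == subtree


def denylist_allows(oid_text, denied):
    """Blacklist policy: a write is allowed unless it hits a listed subtree."""
    oid = parse_oid(oid_text)
    return not any(under(oid, parse_oid(d)) for d in denied)


def allowlist_allows(oid_text, allowed):
    """Whitelist policy: a write is allowed only inside a listed subtree."""
    oid = parse_oid(oid_text)
    return any(under(oid, parse_oid(a)) for a in allowed)


def compare(requests, denied, allowed):
    """Map each requested OID to (blacklist verdict, whitelist verdict)."""
    return {r: (denylist_allows(r, denied), allowlist_allows(r, allowed))
            for r in requests}


if __name__ == "__main__":
    writes = [RUN_SCRIPT + ".1", REBOOT + ".0", NEW_IN_UPGRADE + ".0"]
    for oid, (deny_ok, allow_ok) in compare(writes, [REBOOT], [RUN_SCRIPT]).items():
        print(f"{oid:32} blacklist={deny_ok!s:5} whitelist={allow_ok}")
```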