[openstack-dev] [Solum] [Security]

Paul Montgomery paul.montgomery at RACKSPACE.COM
Wed Nov 27 16:58:38 UTC 2013

I created some relatively high level security best practices that I
thought would apply to Solum.  I don't think it is ever too early to get
mindshare around security so that developers keep that in mind throughout
the project.  When a design decision point could easily go two ways,
perhaps these guidelines can sway direction towards a more secure path.

This is a living document, please contribute and let's discuss topics.
I've worn a security hat in various jobs so I'm always interested. :)
Also, I realize that many of these features may not directly be
encapsulated by Solum but rather components such as KeyStone or Horizon.


I would like to build on this list and create blueprints or tasks based on
topics that the community agrees upon.  We will also need to start
thinking about timing of these features.

Is there an OpenStack standard for code comments that highlight potential
security issues to investigate at a later point?  If not, what would the
community think of making a standard for Solum?  I would like to identify
these areas early while the developer is still engaged/thinking about the
code.  It is always harder to go back later and find everything in my
experience.  Perhaps something like:

# (SECURITY) This exception may contain database field data which could
expose passwords to end users unless filtered.


# (SECURITY) The admin password is read in plain text from a configuration
file.  We should fix this later.


More information about the OpenStack-dev mailing list