[api-sig][neutron] Question on oslo policy assertion when supplied attribute equals the default

Eric Fried openstack at fried.cc
Mon Apr 22 21:05:48 UTC 2019

> this change might give a lower privileged user (eg a user who cannot
> specify "ha") the ability to sniff around for the defaults,

This was the only thing I could think of.

> but i'm
> not sure if that information represents a security risk in this case.

Because they could also find that out by looking at the source code?


More information about the openstack-discuss mailing list