[Openstack-security] [openstack/keystone] SecurityImpact review request change If5229d89a39dca952dee3b1c4cbf3b34b8afa95b

gerrit2 at review.openstack.org
Thu Aug 29 15:10:18 UTC 2013


Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/43257

Log:
commit 8296ce890154c6680a4cfb890a2f81b4a0aadbe0
Author: Henry Nash <henryn at linux.vnet.ibm.com>
Date:   Sun Aug 11 10:26:31 2013 +0100

    Implement filter support in driver backends
    
    Currently filtering is only done at the controller level, leading to
    performance issues since we are not using native filtering capabilities
    of any of the underlying backends (e.g. SQL, LDAP). This patch enables
    such support.
    
    It also provides an optional limit to the number of rows that will be
    returned by a backend.  Further, it provides the framework upon which
    we might implement paging in the backends (although such implementation
    will be part of a different patch).
    
    Limitations:
    
    - The LDAP backend does not yet support filtering, leaving it to the
      controller level.  LDAP support will be added in a separate patch.
    - The inexact filters are disabled, pending API review of the changes,
      which is targeted for IceHouse
    - Filtering for service, endpoint and policy is left at the controller
      level, since these operations are not considered performance issues.
    
    SecurityImpact: Please review for potential for SQL injection attacks.
    DocImpact
    
    Implements bp filtering-backend-support
    
    Change-Id: If5229d89a39dca952dee3b1c4cbf3b34b8afa95b
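
What a reviewer checks for when filters move from the controller into a SQL backend, as an added example that is not code from the keystone change: attribute names come only from an allowlist, values and the row limit travel as bound parameters, and inexact comparators are rejected. It uses the standard-library `sqlite3` module rather than keystone's own SQL backend; `list_users`, `FILTERABLE`, `MAX_LIMIT`, the filter dictionary shape and the `user` table layout are hypothetical.

```python
import sqlite3

# Hypothetical allowlist: the only attributes a caller may filter on.
FILTERABLE = {"name", "domain_id", "enabled"}
MAX_LIMIT = 100  # assumed upper bound on rows a backend returns


def list_users(conn, filters, limit=None):
    """Apply equality filters in SQL; return (rows, truncated)."""
    clauses, params = [], []
    for f in filters:
        # Column names cannot be bound, so they must come from the allowlist.
        if f["name"] not in FILTERABLE:
            raise ValueError("cannot filter on %r" % f["name"])
        if f.get("comparator", "equals") != "equals":
            raise ValueError("only exact-match filters are supported")
        clauses.append('"%s" = ?' % f["name"])
        params.append(f["value"])  # values always travel as bound parameters
    sql = "SELECT id, name, domain_id, enabled FROM user"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    cap = MAX_LIMIT if limit is None else max(0, min(int(limit), MAX_LIMIT))
    # Fetch one extra row so the caller can tell the list was truncated.
    sql += " ORDER BY id LIMIT ?"
    rows = conn.execute(sql, params + [cap + 1]).fetchall()
    return rows[:cap], len(rows) > cap


def demo_db():
    """Constructed sample data for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (id TEXT PRIMARY KEY, name TEXT,"
                 " domain_id TEXT, enabled INTEGER)")
    conn.executemany("INSERT INTO user VALUES (?, ?, ?, ?)", [
        ("u1", "alice", "default", 1),
        ("u2", "bob", "default", 1),
        ("u3", "carol", "other", 0),
    ])
    return conn


if __name__ == "__main__":
    db = demo_db()
    print(list_users(db, [{"name": "domain_id", "value": "default"}]))
    # A quote-laden value is compared as data, so it matches nothing.
    print(list_users(db, [{"name": "name", "value": "x' OR '1'='1"}]))
```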