[Openstack-security] Request to review OSSN
Sriram Subramanian
sriram at sriramhere.com
Sat Dec 21 18:03:35 UTC 2013
Nate,
The fix won't make it until next release, hence the workaround is published
as OSSN.
On Sat, Dec 21, 2013 at 9:11 AM, Nathanael Burton <
nathanael.i.burton.work at gmail.com> wrote:
> I might be missing something obvious, but wouldn't making the VNC token
> from nova-consoleauth a one-time use token solve this problem? I.e. once a
> user successfully connects to their console with an authorized token it
> won't work for future connections. Then the rate-limiting of the Nova API
> would suffice, which should be presumed to already be in-place and
> configured. Does that break other things?
>
> Thanks,
>
> Nate
> On Dec 21, 2013 10:57 AM, "Sriram Subramanian" <sriram at sriramhere.com>
> wrote:
>
>> Dear Nathan, Rob, Bryan/ OSSG,
>>
>> Sorry for bothering during the holidays. When you get a chance, please
>> review/ comment on the OSSN:
>>
>> https://wiki.openstack.org/wiki/OSSN/1227575
>> https://bugs.launchpad.net/nova/+bug/1227575
>>
>> I wanted to know if links to some rate-limiting frameworks such as Repose
>> would help. I am not sure if we can link 3rd party tools in OSSNs.
>>
>> Happy Holidays!
>>
>> Thanks,
>> -Sriram
>>
>> _______________________________________________
>> Openstack-security mailing list
>> Openstack-security at lists.openstack.org
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>>
>>
--
Thanks,
-Sriram
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20131221/a35e8eed/attachment.html>
More information about the Openstack-security
mailing list