[Openstack-security] keystone tokens

Simo Sorce simo at redhat.com
Mon May 13 13:11:26 UTC 2013


On Sun, 2013-05-12 at 18:31 +0000, Clark, Robert Graham wrote:
> Generally speaking "A DoS from an authenticated user" is a _massive_
> concern for anyone who has a cloud with unaccountable users, such as
> shared clouds and for public clouds in particular.

Authenticated users usually have many many ways to cause excessive use
of resources.

If you are concerned about an authenticated user causing DoS I think the
right answer is to look at rate limiting and a monitoring system that
reports which users are abusing the system. It's easy to
(auto?)terminate accounts that are misbehaving. A completely different
class than anonymous DoS.

simo.

-- 
Simo Sorce * Red Hat, Inc * New York
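
The per-user rate limiting and abuse reporting suggested in this message, as an added sketch that is not part of the original post or of Keystone's code. The class name, thresholds and request data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque


class PerUserLimiter:
    """Sliding-window limiter keyed by authenticated user, with abuse tracking."""

    def __init__(self, max_requests, window_ms, strikes_to_flag):
        self.max_requests = max_requests
        self.window_ms = window_ms
        self.strikes_to_flag = strikes_to_flag
        self.recent = defaultdict(deque)  # user -> timestamps of accepted requests
        self.rejected = defaultdict(int)  # user -> number of throttled requests

    def allow(self, user, now_ms):
        """Return True if the request is within the user's quota."""
        q = self.recent[user]
        # Drop accepted requests that have aged out of the window.
        while q and now_ms - q[0] >= self.window_ms:
            q.popleft()
        if len(q) >= self.max_requests:
            self.rejected[user] += 1  # feeds the monitoring report
            return False
        q.append(now_ms)
        return True

    def abuse_report(self):
        """Users throttled at least strikes_to_flag times, worst first.

        This list is what an operator (or an automated job) would review
        before suspending an account.
        """
        flagged = [(u, n) for u, n in self.rejected.items()
                   if n >= self.strikes_to_flag]
        return sorted(flagged, key=lambda item: -item[1])


def constructed_requests():
    """Constructed sample: (timestamp in ms, user) for token requests."""
    events = [(t * 100, "mallory") for t in range(100)]  # 10 req/s for 10 s
    events += [(t * 2000, "alice") for t in range(5)]    # one every 2 s
    return sorted(events)


def run_demo():
    limiter = PerUserLimiter(max_requests=5, window_ms=1000, strikes_to_flag=20)
    for ts, user in constructed_requests():
        limiter.allow(user, ts)
    return limiter.abuse_report()
```

Because every request is tied to an authenticated identity, the report names accounts rather than source addresses, which is what makes account termination a workable response.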




