[Openstack-security] [openstack/keystone] SecurityImpact review request change If5229d89a39dca952dee3b1c4cbf3b34b8afa95b

gerrit2 at review.openstack.org gerrit2 at review.openstack.org
Wed Sep 4 10:32:19 UTC 2013


Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/43257

Log:
commit 66a93021e21d79691ab6271dc6acb7fe4702a190
Author: Henry Nash <henryn at linux.vnet.ibm.com>
Date:   Sun Aug 11 10:26:31 2013 +0100

    Implement filter support in driver backends
    
    Currently filtering is only done at the controller level, leading to
    performance issues since we are not using native filtering capabilities
    of any of the underlying backends (e.g. SQL, LDAP). This patch enables
    such support.
    
    This patch also creates the foundation for implementing truncation of
    lists to size set by the cloud provider as well as providing pagination
    support.  However, both these capabilities are implemented as separate
    patches.
    
    Limitations:
    
    - The LDAP backend does not yet support filtering, leaving it to the
      controller level.  LDAP support will be added in a separate patch
    - The inexact filters are disabled, pending API review of the changes,
      which is targeted for IceHouse
    - Filtering for service, endpoint and policy is left at the controller
      level, since these operations are not considered performance issues.
    
    SecurityImpact: Please review for potential for SQL injection attacks.
    
    Implements bp filtering-backend-support
    
    Change-Id: If5229d89a39dca952dee3b1c4cbf3b34b8afa95b
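
What the requested SQL injection review comes down to when filters move from the controller into a SQL backend, as an added example that is not code from the patch or from Keystone: filter values must reach the database only as bound parameters, and filter attribute names only after an allow-list check. The table, the allow-list, the `(attr, comparator, value)` filter shape and all function names are assumptions made for illustration; the sketch also covers an inexact `contains` filter, which the commit message says is disabled in this patch.

```python
import sqlite3

# Hypothetical allow-list: attributes a caller may filter on, per table.
FILTERABLE = {"user": {"name", "domain_id", "enabled"}}

def build_query(table, filters):
    """Return (sql, params) for filters given as (attr, comparator, value)."""
    allowed = FILTERABLE[table]  # KeyError for a table that is not listed
    clauses, params = [], []
    for attr, comparator, value in filters:
        # Identifiers cannot be bound as parameters, so they are never taken
        # from the request unless they match the allow-list exactly.
        if attr not in allowed:
            raise ValueError("cannot filter on %r" % (attr,))
        if comparator == "equals":
            clauses.append('"%s" = ?' % attr)
            params.append(value)
        elif comparator == "contains":
            # Escape LIKE wildcards so the value only matches literally.
            esc = value.replace("!", "!!").replace("%", "!%").replace("_", "!_")
            clauses.append('"%s" LIKE ? ESCAPE \'!\'' % attr)
            params.append("%" + esc + "%")
        else:
            raise ValueError("unsupported comparator %r" % (comparator,))
    sql = 'SELECT id, name FROM "%s"' % table
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return sql + " ORDER BY id", params

def list_users(conn, filters):
    """Run the filtered listing in the database instead of in the caller."""
    sql, params = build_query("user", filters)
    return conn.execute(sql, params).fetchall()

def demo_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute('CREATE TABLE "user" (id INTEGER PRIMARY KEY, name TEXT, '
                 'domain_id TEXT, enabled INTEGER)')
    conn.executemany(
        'INSERT INTO "user" (name, domain_id, enabled) VALUES (?, ?, ?)',
        [("alice", "d1", 1), ("bob", "d1", 0), ("a_ice", "d2", 1)])
    return conn
```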




