[Openstack-security] SSL proxies vs. native SSL support

Rob Crittenden rcritten at redhat.com
Thu Mar 27 14:49:49 UTC 2014


Bryan D. Payne wrote:
>     Should the effort then shift to running the services in these real
>     web servers to take advantage of better SSL performance and not
>     leave an exposed underbelly?
>
>
> Ideally yes, but that's a relatively big change for a relatively small
> gain.  The "exposed underbelly" in this case isn't such a big deal in
> the grand scheme of things.  Basically it is just transporting some
> information in the clear __within a local system__.

IMHO passwords should never be in the clear.

>     I'm not sure I follow your reasoning on the HTTPConnection/requests
>     change though. On the one hand these web servers pay closer
>     attention to security and yet the OpenStack clients are replacing
>     their insecure client library. So it seems to me that it is gaining
>     attention. And really, that is where the big problem is anyway with
>     some clients not doing any sort of validation now.
>
>
> Requests is great, but it still doesn't get nearly the security /
> performance scrutiny that projects like Apache or Nginx receive.

Ok, not sure how that is relevant, though scary, as the client is common 
regardless of the SSL backend.

rob
