Change abandoned by Ron De Rose (ronald.de.rose at intel.com) on branch: master
Review: https://review.openstack.org/239948

--
You received this bug notification because you are a member of OpenStack
Security, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1499555

Title:
  You can crash keystone or make the DB very slow by assigning many roles

Status in OpenStack Identity (keystone):
  Won't Fix
Status in OpenStack Security Advisory:
  Won't Fix

Bug description:
  This is applicable for UUID and PKI tokens.

  Token table has extra column where we store role information. It is a
  blob with 64K limit.

  Basically we can do the following to fill the BLOB

  Say user is U, and Project is P

  for i = 1 to 1000 (or any large number)
      role x = create role i with some large name
      assign role x for user U and Project P

  create a project scoped token for user U

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1499555/+subscriptions
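
A pre-write size guard for the condition described in the bug, as an added example that is not keystone's code or part of the original report. The payload layout, the function names, the 32-character hex role ids and the reading of the "64K limit" as 65,535 bytes are assumptions made for illustration.

```python
import json

# Assumption: the report's "64K limit" read as the 65,535-byte maximum
# of a MySQL BLOB/TEXT column.
EXTRA_LIMIT_BYTES = 64 * 1024 - 1


def build_extra(user_id, project_id, roles):
    """Hypothetical stand-in for the role data stored in the token row's extra column."""
    return {
        "user_id": user_id,
        "project_id": project_id,
        "roles": [{"id": r["id"], "name": r["name"]} for r in roles],
    }


def serialized_size(extra):
    """Bytes the payload occupies once JSON-encoded as UTF-8."""
    return len(json.dumps(extra, separators=(",", ":")).encode("utf-8"))


def check_extra_fits(extra, limit=EXTRA_LIMIT_BYTES):
    """Fail before the write instead of leaving the oversized row to the database."""
    size = serialized_size(extra)
    if size > limit:
        raise ValueError(f"token extra is {size} bytes, limit is {limit}")
    return size


def sample_roles(count, name_len):
    """Constructed sample data: `count` roles with fixed-length names."""
    return [{"id": f"{i:032x}", "name": "r" * name_len} for i in range(count)]


def max_roles_that_fit(user_id, project_id, name_len, limit=EXTRA_LIMIT_BYTES):
    """Largest number of same-sized roles that stays within limit (a per-user quota ceiling)."""
    def fits(n):
        extra = build_extra(user_id, project_id, sample_roles(n, name_len))
        return serialized_size(extra) <= limit

    lo, hi = 0, 1
    while fits(hi):            # grow until the payload no longer fits
        lo, hi = hi, hi * 2
    while hi - lo > 1:         # binary search between last fit and first miss
        mid = (lo + hi) // 2
        lo, hi = (mid, hi) if fits(mid) else (lo, mid)
    return lo
```

A ceiling derived this way can back a limit on role-name length or on role assignments per user and project, so that the size check never has to fire at token issuance.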