<div dir="ltr">Nate,<div><br></div><div>The fix won't make it until next release, hence the workaround is published as OSSN. </div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Sat, Dec 21, 2013 at 9:11 AM, Nathanael Burton <span dir="ltr"><<a href="mailto:nathanael.i.burton.work@gmail.com" target="_blank">nathanael.i.burton.work@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">I might be missing something obvious, but wouldn't making the VNC token from nova-consoleauth a one-time use token solve this problem? I.e. once a user successfully connects to their console with an authorized token it won't work for future connections.  Then the rate-limiting of the Nova API would suffice, which should be presumed to already be in-place and configured.  Does that break other things?</p>


<p dir="ltr">Thanks,</p>
<p dir="ltr">Nate</p>
<div class="gmail_quote"><div><div class="h5">On Dec 21, 2013 10:57 AM, "Sriram Subramanian" <<a href="mailto:sriram@sriramhere.com" target="_blank">sriram@sriramhere.com</a>> wrote:<br type="attribution">
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">
<div dir="ltr"><div class="gmail_extra">Dear Nathan, Rob, Bryan/ OSSG,</div><div class="gmail_extra"><br></div><div class="gmail_extra">Sorry for bothering during the holidays. When you get a chance, please review/ comment on the OSSN:</div>


<div class="gmail_extra"><br></div><div class="gmail_extra"><a href="https://wiki.openstack.org/wiki/OSSN/1227575" target="_blank">https://wiki.openstack.org/wiki/OSSN/1227575</a><br></div><div class="gmail_extra"><a href="https://bugs.launchpad.net/nova/+bug/1227575" target="_blank">https://bugs.launchpad.net/nova/+bug/1227575</a><br>


</div><div class="gmail_extra"><br></div><div class="gmail_extra"><span style="color:rgb(51,51,51);font-family:'Ubuntu Mono',monospace;font-size:12px;line-height:18px">I wanted to know if links to some rate-limiting frameworks such as Repose would help. I am not sure if we can link 3rd party tools in OSSNs. </span></div>


<div class="gmail_extra"><span style="color:rgb(51,51,51);font-family:'Ubuntu Mono',monospace;font-size:12px;line-height:18px"><br></span></div><div class="gmail_extra"><span style="color:rgb(51,51,51);font-family:'Ubuntu Mono',monospace;font-size:12px;line-height:18px">Happy Holidays!</span></div>


<div class="gmail_extra"><br><div>Thanks,</div><div>-Sriram</div>
</div></div>
<br></div></div>_______________________________________________<br>
Openstack-security mailing list<br>
<a href="mailto:Openstack-security@lists.openstack.org" target="_blank">Openstack-security@lists.openstack.org</a><br>
<a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security" target="_blank">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security</a><br>
<br></blockquote></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div>Thanks,</div><div>-Sriram</div>
</div>