[Openstack] Security concern with vncserver_listen 0.0.0.0 and multi_host

Mac Innes, Kiall kiall at hp.com
Wed Apr 3 10:11:29 UTC 2013


On 03/04/13 11:03, Sam Stoelinga wrote:
> To prevent this happening to somebody else we could do the following:
> 1. In the documentation explicitly tell the user that when you enable
> multi_host that you can't use vncserver_listen=0.0.0.0
> 2. Do some sanity checks on nova.conf options, if we notice that
> vncserver_listen: 0.0.0.0 and multi_host true, we don't allow starting
> the nova-compute service and give a clear error message saying that it's
> stupid to do something like that and what the user should do instead.

I'm probably missing something here, but would a simple firewall not work?

#2 seems drastic to me, and #1 could be amended to mention the need for 
a firewall instead..

Kiall Mac Innes
HP Cloud Services - DNSaaS

Mobile:   +353 86 345 9333
Landline: +353 1 524 2177
GPG:      E9498407
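
The nova.conf check proposed in the quoted message, written as a warn-only audit rather than a startup block. This is an added example, not part of the original email and not nova's own code; it assumes both options sit in the [DEFAULT] section, and the sample configs are constructed.

```python
import configparser
import sys

WILDCARDS = {"0.0.0.0", "::"}           # addresses that bind every interface
TRUE_VALUES = {"1", "true", "yes", "on"}

# Constructed sample configs (not from the thread); addresses are documentation ranges.
RISKY = "[DEFAULT]\nmulti_host = True\nvncserver_listen = 0.0.0.0\n"
BOUND = "[DEFAULT]\nmulti_host = True\nvncserver_listen = 192.0.2.10\n"
SINGLE = "[DEFAULT]\nmulti_host = False\nvncserver_listen = 0.0.0.0\n"


def audit_vnc_listen(conf_text):
    """Return warnings for multi_host combined with a wildcard vncserver_listen."""
    # RawConfigParser: no '%' interpolation; strict=False tolerates duplicate keys.
    parser = configparser.RawConfigParser(strict=False)
    parser.read_string(conf_text)
    opts = parser.defaults()  # assumption: both options live in [DEFAULT]
    multi_host = opts.get("multi_host", "").strip().lower() in TRUE_VALUES
    listen = opts.get("vncserver_listen", "").strip()  # unset: left to nova's default
    warnings = []
    if multi_host and listen in WILDCARDS:
        warnings.append(
            "multi_host is enabled and vncserver_listen=%s binds all interfaces; "
            "set a specific listen address or firewall the VNC ports" % listen
        )
    return warnings


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the constructed sample.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path).read() if path else RISKY
    for line in audit_vnc_listen(text):
        print("WARNING: " + line)
```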



