On Tue, Apr 23, 2019 at 10:05 AM Ben Nemec <openstack@nemebean.com> wrote:
> Assuming you have permission to make the API call in the first place, wouldn't you be able to determine the defaults based on the results of the API call anyway? As in, I create a network and don't pass any value for the shared attribute, then I look at the created network and see that shared is False by default.
that makes reasonable sense to me, and i would imagine something similar.
> Maybe there are defaults that aren't so easily observable, but in general I wouldn't consider them sensitive data. However, I am not a security guru so take my opinion for what it's worth.
yeah, for me this is where i would rather a neutron expert respond. i would like to agree with your reasoning as it makes good sense, and i think this is a relatively minor issue, but i am just not fully aware of the extent. i don't want to make this into a bigger issue than it is, i'm just pointing it out for greater inspection. it sounds like this is a minor issue and most likely won't cause any security risk. peace o/