[openstack-dev] Lack of quota - security bug or not?

Jay Pipes jaypipes at gmail.com
Wed Dec 10 20:34:57 UTC 2014


On 12/10/2014 02:43 PM, George Shuklin wrote:
> I have some small discussion in launchpad: is lack of a quota for
> unprivileged user counted as security bug (or at least as a bug)?
>
> If user can create 100500 objects in database via normal API and ops
> have no way to restrict this, is it OK for Openstack or not?

That would be a major security bug. Please do file one and we'll get on 
it immediately.

Thanks,
-jay



More information about the OpenStack-dev mailing list