[Trove] State of the Trove service tenant deployment model
Michael Richardson
michaelr at catalyst.net.nz
Tue Jan 22 18:21:00 UTC 2019
On Tue, Jan 22, 2019 at 07:29:25PM +1300, Zane Bitter wrote:
> Last time I heard (which was probably mid-2017), the Trove team had
> implemented encryption for messages on the RabbitMQ bus. IIUC each DB being
> managed had its own encryption keys, so that would theoretically prevent
> both snooping and spoofing of messages. That's the good news.
>
> The bad news is that AFAIK it's still using a shared RabbitMQ bus, so
> attacks like denial of service are still possible if you can extract the
> shared credentials from the VM. Not sure about replay attacks; I haven't
> actually investigated the implementation.
>
> cheers,
> Zane.
Excellent - many thanks for the confirmation.
Cheers,
Michael
More information about the openstack-discuss
mailing list