[Openstack-docs] [openstack/swift] DocImpact review request change I2bef64c2e1e4df8a612a5531a35721202deb6964

gerrit2 at review.openstack.org gerrit2 at review.openstack.org
Sat Nov 17 02:48:55 UTC 2012


Hi, I'd like you to take a look at this patch for potential
DocImpact.
https://review.openstack.org/16358

Log:
commit 357b12dc2ba7b19c66196a573ccb2489d2104b93
Author: Samuel Merritt <sam at swiftstack.com>
Date:   Fri Nov 16 17:05:37 2012 -0800

    Remove IP-based container-sync ACLs from auth middlewares.
    
    The determination of the client IP looked at the X-Cluster-Client-Ip
    and X-Forwarded-For headers in the incoming HTTP request. This is
    trivially spoofable by a malicious client, so there's no security
    gained by having the check there.
    
    Worse, having the check there provides a false sense of security to
    cluster operators. It sounds like it's based on the client IP, so an
    attacker would have to do IP spoofing to defeat it. However, it's
    really just a shared secret, and there's already a secret key set
    up. Basically, it looks like 2-factor auth (IP+key), but it's really
    1-factor (key).
    
    Now, the one case where this might provide some security is where the
    Swift cluster is behind an external load balancer that strips off the
    X-Cluster-Client-Ip and X-Forwarded-For headers and substitutes its
    own. I don't think it's worth the tradeoff, hence this commit.
    
    Fixes bug 1068420 for very small values of "fixes".
    
    DocImpact
    
    Change-Id: I2bef64c2e1e4df8a612a5531a35721202deb6964
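The check the commit removes, modelled as an added illustration (not Swift's own code): the "client IP" the old ACL derived from X-Cluster-Client-Ip / X-Forwarded-For is whatever the requester writes, so only the sync key actually gates access; the last function shows the one setup the commit mentions, a trusted load balancer in front of the cluster, where a forwarded header can be relied on. Function names, the key, and the addresses are constructed for the example.

```python
import hmac

# Constructed example, not Swift's code: models the container-sync ACL
# discussed in the commit message.

def client_ip_from_headers(headers):
    """Client IP as the removed check derived it: from request headers
    that the requester itself supplies, so the value is not verifiable."""
    for name in ("X-Cluster-Client-Ip", "X-Forwarded-For"):
        value = headers.get(name)
        if value:
            return value.split(",")[0].strip()
    return None

def key_matches(headers, shared_key):
    """Constant-time comparison of the sync key (the real factor)."""
    return hmac.compare_digest(headers.get("X-Container-Sync-Key", ""), shared_key)

def old_sync_authorized(headers, allowed_ips, shared_key):
    """Pre-commit logic: reads like two factors, IP plus key."""
    return client_ip_from_headers(headers) in allowed_ips and key_matches(headers, shared_key)

def new_sync_authorized(headers, shared_key):
    """Post-commit logic: the shared key is the only factor, stated honestly."""
    return key_matches(headers, shared_key)

def proxy_aware_client_ip(environ, trusted_proxies):
    """The load-balancer case from the commit: trust X-Forwarded-For only when
    the TCP peer (REMOTE_ADDR, set by the server, not the client) is a known
    proxy that rewrites the header; otherwise the peer address is the client."""
    peer = environ["REMOTE_ADDR"]
    forwarded = environ.get("HTTP_X_FORWARDED_FOR")
    if peer in trusted_proxies and forwarded:
        return forwarded.split(",")[0].strip()
    return peer

def demo():
    """Constructed requests: one from the listed sync host and one from
    elsewhere that merely claims that address in a header. Both pass the
    old check, which is the commit's point: the IP factor adds nothing."""
    key = "example-sync-key"          # constructed sync key
    allowed = {"10.0.0.5"}            # constructed peer-cluster address
    honest = {"X-Cluster-Client-Ip": "10.0.0.5", "X-Container-Sync-Key": key}
    claimed = {"X-Forwarded-For": "10.0.0.5", "X-Container-Sync-Key": key}
    return {
        "old_honest": old_sync_authorized(honest, allowed, key),
        "old_claimed": old_sync_authorized(claimed, allowed, key),
        "new_claimed": new_sync_authorized(claimed, key),
        "new_no_key": new_sync_authorized({"X-Forwarded-For": "10.0.0.5"}, key),
    }
```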