[Openstack-security] [openstack/keystone] SecurityImpact review request change If5229d89a39dca952dee3b1c4cbf3b34b8afa95b
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Thu Aug 29 15:10:18 UTC 2013
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/43257
Log:
commit 8296ce890154c6680a4cfb890a2f81b4a0aadbe0
Author: Henry Nash <henryn at linux.vnet.ibm.com>
Date: Sun Aug 11 10:26:31 2013 +0100
Implement filter support in driver backends
Currently filtering is only done at the controller level, leading to
performanse issues since we are not using native filtering capabilities
of any of the underlying backends (e.g. SQL, LDAP). This patch enables
such support.
It also provides an optional limit to the number of rows that will be
returned by a backend. Further, it provides the framework upon which
we might implement paging in the backends (although such implementation
will be part of a different patch).
Limitations:
- The LDAP backend does not yet support for filtering, leaving it to the
controller level. LDAP support will be added in a separate patch
- The inexact filters are disabled, pending api review of the changes,
which is targeted for IceHouse
- Filtering for service, endpoint and policy is left at the controller
level, since these operations are not considered performance issues.
SecurityImpact: Please review for Potential for Sql Injection attacks.
DocImpact
Implements bp filtering-backend-support
Change-Id: If5229d89a39dca952dee3b1c4cbf3b34b8afa95b
More information about the Openstack-security
mailing list