[Openstack-security] Request to review OSSN
Nathanael Burton
nathanael.i.burton.work at gmail.com
Sat Dec 21 17:11:28 UTC 2013
I might be missing something obvious, but wouldn't making the VNC token
from nova-consoleauth a one-time use token solve this problem? I.e. once a
user successfully connects to their console with an authorized token it
won't work for future connections. Then the rate-limiting of the Nova API
would suffice, which should be presumed to already be in-place and
configured. Does that break other things?
Thanks,
Nate
On Dec 21, 2013 10:57 AM, "Sriram Subramanian" <sriram at sriramhere.com>
wrote:
> Dear Nathan, Rob, Bryan/ OSSG,
>
> Sorry for bothering during the holidays. When you get a chance, please
> review/ comment on the OSSN:
>
> https://wiki.openstack.org/wiki/OSSN/1227575
> https://bugs.launchpad.net/nova/+bug/1227575
>
> I wanted to know if links to some rate-limiting frameworks such as Repose
> would help. I am not sure if we can link 3rd party tools in OSSNs.
>
> Happy Holidays!
>
> Thanks,
> -Sriram
>
> _______________________________________________
> Openstack-security mailing list
> Openstack-security at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20131221/4d7e9c77/attachment.html>
More information about the Openstack-security
mailing list