[Openstack-security] [openstack/python-keystoneclient] SecurityImpact review request change If9da3cbd0d5134961197c7387c7b39071bbf71b1
gerrit2 at review.openstack.org
Thu Mar 20 03:55:36 UTC 2014
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/81695
Log:
commit 58f9999116f575c404668a3fbc4d560d3db7f86c
Author: Jamie Lennox <jamielennox at redhat.com>
Date: Thu Mar 20 13:48:27 2014 +1000
Add an exclude option to AuthToken middleware
Allow certain paths to be excluded from the auth_token middleware check.
The primary use I see for this option is version discovery URLs. We
recommend that version discovery URLs (e.g. /, /v1, /v2) be accessible
unauthenticated; however, the auth_token middleware is an all-or-nothing
approach and will secure all requests that pass through it.
This is an option I would see being set in a paste file or similar -
rather than something that would be configured by an end
user/administrator.
SecurityImpact
DocImpact: New option 'exclude' to auth_token middleware settings which
will take a regular expression and, if it matches the path, allow a
request to proceed unauthenticated.
Change-Id: If9da3cbd0d5134961197c7387c7b39071bbf71b1
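The exclude option described above decides, by regular expression on the request path, which requests skip token validation entirely, so the pattern's anchoring and the path's canonical form are what stand between "version discovery is public" and "the whole API is public". The following is an added example to illustrate that point; it is not python-keystoneclient code and does not reflect how the project implemented (or chose not to implement) this change. The DemoAuthMiddleware class, the X-Auth-Token check stubbed to a single constructed DEMO_VALID_TOKEN value, the two exclude patterns and the sample paths are all assumptions made for the demonstration.

```python
"""Regex-based 'exclude' bypass for a WSGI auth middleware (added example).

Not python-keystoneclient code. Shows two practitioner caveats for an
exclude regex that lets matching paths through unauthenticated:
  1. the pattern must be anchored at both ends, or '^/v2' also skips
     authentication for everything under /v2/;
  2. the path must be canonicalised (percent-decoding, '..' collapsing)
     before matching, so the middleware judges the same path the app routes.
"""
import posixpath
import re
from urllib.parse import unquote

DEMO_VALID_TOKEN = "demo-token"  # constructed sample credential for the stub check

# Constructed exclude patterns. LOOSE is the kind of pattern someone writes for
# "the /v2 discovery document"; TIGHT covers exactly /, /v1, /v2 (optional slash).
LOOSE_EXCLUDE = r"^/v2"
TIGHT_EXCLUDE = r"^/(v1|v2)?/?$"


def normalize_path(path):
    """Canonicalise a request path before any allow-list decision:
    percent-decode, collapse '//' and '..' segments, keep a leading '/'."""
    decoded = unquote(path or "/")
    if not decoded.startswith("/"):
        decoded = "/" + decoded
    return posixpath.normpath(decoded)


def path_is_excluded(path, exclude_regex):
    """True if the canonical path matches exclude_regex. re.match anchors only
    the start; whether the end is constrained is up to the pattern author."""
    if not exclude_regex:
        return False
    return re.match(exclude_regex, normalize_path(path)) is not None


class DemoAuthMiddleware:
    """Hypothetical token-checking middleware (assumption, not keystoneclient's).
    Excluded paths pass through unauthenticated; every other request must
    carry X-Auth-Token equal to DEMO_VALID_TOKEN (a stub for real validation)."""

    def __init__(self, app, exclude=None):
        self.app = app
        self.exclude = exclude

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "/")
        if not path_is_excluded(path, self.exclude):
            if environ.get("HTTP_X_AUTH_TOKEN") != DEMO_VALID_TOKEN:
                start_response("401 Unauthorized", [("Content-Type", "text/plain")])
                return [b"Authentication required"]
        return self.app(environ, start_response)


def protected_app(environ, start_response):
    """Downstream WSGI app standing in for the real service: 200 for anything."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def request_status(app, path, token=None):
    """Drive a WSGI app with a minimal constructed environ; return the HTTP status code."""
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    if token is not None:
        environ["HTTP_X_AUTH_TOKEN"] = token
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["code"] = int(status.split()[0])

    list(app(environ, start_response))  # consume the body iterable
    return captured["code"]


def main():
    loose = DemoAuthMiddleware(protected_app, exclude=LOOSE_EXCLUDE)
    tight = DemoAuthMiddleware(protected_app, exclude=TIGHT_EXCLUDE)
    # Constructed sample paths: discovery URLs, a real resource, and two
    # traversal/encoding variants of a resource path. No token is sent.
    for path in ("/", "/v2", "/v2/servers/detail", "/v2/../v2/servers", "/v2/%2e%2e/servers"):
        print(f"{path:22} loose={request_status(loose, path)}  tight={request_status(tight, path)}")


if __name__ == "__main__":
    main()
```

Run stand-alone, the table shows the loose pattern returning 200 without a token for /v2/servers/detail and for the `..` variant, while the tight pattern returns 200 only for the discovery URLs. The same logic applies whichever middleware hosts the option: an exclude regex is a security boundary, so it belongs in the operator-controlled paste file as the commit says, and it should be reviewed with both anchors present.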