[Openstack] State of OpenStack Auth
Soren Hansen
soren at ubuntu.com
Tue Mar 1 20:47:00 UTC 2011
2011/3/1 Eric Day <eday at oddments.org>:
> Signature based auth such as EC2 should also always require
> a secure channel too, but if not attacks are less severe since they
> are limited to reply attacks only (the request and parameters are used
> as part of the signature).
Just a note: The request also includes a timestamp and an expiration
field, so replay attacks are only possible within a certain
(user-defined) timeframe.
--
Soren Hansen
Ubuntu Developer http://www.ubuntu.com/
OpenStack Developer http://www.openstack.org/
More information about the Openstack
mailing list