[Openstack] Privacy concern: Reseller admins being able to manipulate files from every account
Rostyslav Slipetskyy
rslipetskyy at yahoo.com
Fri May 6 18:14:23 UTC 2011
I have asked this on launchpad, but since there was no answer I repost my
question here.
Once reseller admin knows the URL of storage account, he gets total control over
the files of that account (read files, delete files, etc.)
At the very least this violates privacy of the users who store their files in
swift.
Of course, sensitive information might have been encrypted before adding to
swift, but I still wonder whether there was any reason to give such huge
permissions for reseller admins?
By the way, the documentation does not mention the fact that reseller admins
have such broad permissions. It is only stated that "Admin users can do anything
within the account." However, Reseller Admins can do anything within ANY account
Sincerely,
Rostyslav
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20110506/0462cfdc/attachment.html>
More information about the Openstack
mailing list