[Openstack] [Heat] Locked Outputs
Andrew Plunk
andrew.plunk at RACKSPACE.COM
Wed Nov 13 03:08:41 UTC 2013
Alright.
The problem:
----------------
If a program generates a password, and displays it on a screen over and over again, it is more susceptible to being compromised.
Possible solutions:
----------------
1).Provide a way to limit the availability of stack outputs returned from heat.
2).Provide a way to express metadata about stack outputs returned from heat.
________________________________________
From: Clint Byrum [clint at fewbar.com]
Sent: Tuesday, November 12, 2013 8:46 PM
To: openstack
Subject: Re: [Openstack] [Heat] Locked Outputs
Excerpts from Andrew Plunk's message of 2013-11-12 17:24:25 -0800:
> Thanks for reiterating that Zane. The problem I have is I want to display generated passwords once, and only once in a ui. I want the ability to flag or conditionally display outputs based on conditions.
>
A problem is stated with a cause and an effect "Users may lose control of
the UI after the first time outputs are displayed, leading to credential
compromise".
Another example: "English encourages use of overloaded terms which
can be ambiguous, requiring multiple iterations to communicate ideas
effectively."
Solution: "I want to define terms more clearly before using them in
sentences."
"I want to ..." is a _solution_.
Maybe we can try one more time?
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack at lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
More information about the Openstack
mailing list