[Openstack] API Security
Hao Wang
hao.1.wang at gmail.com
Tue Apr 29 13:06:19 UTC 2014
Adding security group...
On Sat, Apr 26, 2014 at 4:25 PM, Hao Wang <hao.1.wang at gmail.com> wrote:
> It is the client. I got this message with DEBUG enabled:
> curl -i 'http://192.168.56.103:35357/v2.0/tokens' -X POST -H
> "Content-Type: application/json" -H "Accept: application/json" -H
> "User-Agent: python-novaclient" -d '{"auth": {"tenantName": "admin",
> "passwordCredentials": {"username": "admin", "password": "admin"}}}'
>
> It can be seen that username and password are right in the message.
>
> Hao
>
>
> On Sat, Apr 26, 2014 at 4:08 PM, Aaron Knister <aaron.knister at gmail.com>wrote:
>
>> Was it the client or the server that exposed the credentials?
>>
>> Sent from my iPhone
>>
>> On Apr 26, 2014, at 2:28 PM, Hao Wang <hao.1.wang at gmail.com> wrote:
>>
>> Hi,
>>
>> I am troubleshooting a neutron case. It was just found that if DEBUG was
>> enabled, neutron would print out JSON data with username and password. I am
>> wondering what kind of protocol is used in production environment to
>> prevent this security risk from happening.
>>
>> Thanks,
>> Hao
>>
>> _______________________________________________
>> Mailing list:
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> Post to : openstack at lists.openstack.org
>> Unsubscribe :
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20140429/b11a11f2/attachment.html>
More information about the Openstack
mailing list