cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Nalley <>
Subject Re: Security aspects of CloudStack console access
Date Sat, 21 Apr 2012 01:24:02 GMT
To make sure that I understand this.....

On Fri, Apr 20, 2012 at 8:58 PM, Kelven Yang <> wrote:

>        a) Passing access token.
>        We originally rely on management server secured web session to protect the
access info, the access info appears in clear text in browser url. A lot of people have raised
concerns of this. To address the concern, we now wrap the access information into an DES encrypted
access token, DES encryption key is randomly generated at per CloudStack installation basis.
The DES encryption key will also be passed to console service VM via our SSL-enabled agent/management
server channel so that service VM would be able to continue performing security validation
after management server has gone out of the picture.

The issue was that we were shipping the default configuration sans SSL
enabled, but expecting that folks who cared about security would
enable SSL?
This token is different from the auth token that is generated from the
login call right? Unique to each console session (e.g. if I opened a
session on the same VM twice, I'd get two tokens?)

> Access token is also time-stamped by management server. Session authentication should
happen within the time period, otherwise, access will be declined. If management service is
running as a management server cluster, all management server instances have to be time-synced.

This is done by the expiration argument to the API call to setup the
session? Speaking of, I know we talked about adding that expiration
value as part of the 3.0.0 release, but I can't find any reference to
it in the API docs, Release Notes, or the API developers guide.

View raw message