cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Min Chen <min.c...@citrix.com>
Subject Re: [DISCUSS] Removing template URL format checking logic
Date Mon, 11 Aug 2014 16:54:10 GMT
Yes, I have filed and fixed that bug a month ago.

Thanks
-min

On 8/10/14 10:39 PM, "Harikrishna Patnala"
<harikrishna.patnala@citrix.com> wrote:

>Hi Rohit,
>
>This was already fixed for templates
>https://issues.apache.org/jira/browse/CLOUDSTACK-6940
>
>We have to do the same for registering ISOs as well.
>
>
>Thanks,
>Harikrishna
>
>On 08-Aug-2014, at 11:20 pm, Rohit Yadav <rohit.yadav@shapeblue.com>
>wrote:
>
>> Hi,
>> 
>> With reference to https://issues.apache.org/jira/browse/CLOUDSTACK-5512
>>Marcus and I think we should remove the template URL format checking
>>logic because:
>> 
>> - It does not handle pre-signed URL (say something that does not end
>>with .vhd etc, but has bunch of http params)
>> - One can game the system by say renaming any file to respective format
>> - We dumb down, take whatever URL user gives and use the format they
>>specify in their register template API call
>> 
>> Marcus also notes that TemplateUtils utility would validate selected
>>format.
>> 
>> Please discuss if you¹ve any use-case that can get affected by this?
>> 
>> Regards,
>> Rohit Yadav
>> Software Architect, ShapeBlue
>> M. +41 779015219 | rohit.yadav@shapeblue.com
>> Blog: bhaisaab.org | Twitter: @_bhaisaab
>> 
>> 
>> 
>> Find out more about ShapeBlue and our range of CloudStack related
>>services
>> 
>> IaaS Cloud Design &
>>Build<http://shapeblue.com/iaas-cloud-design-and-build//>
>> CSForge ­ rapid IaaS deployment framework<http://shapeblue.com/csforge/>
>> CloudStack Consulting<http://shapeblue.com/cloudstack-consultancy/>
>> CloudStack Infrastructure
>>Support<http://shapeblue.com/cloudstack-infrastructure-support/>
>> CloudStack Bootcamp Training
>>Courses<http://shapeblue.com/cloudstack-training/>
>> 
>> This email and any attachments to it may be confidential and are
>>intended solely for the use of the individual to whom it is addressed.
>>Any views or opinions expressed are solely those of the author and do
>>not necessarily represent those of Shape Blue Ltd or related companies.
>>If you are not the intended recipient of this email, you must neither
>>take any action based upon its contents, nor copy or show it to anyone.
>>Please contact the sender if you believe you have received this email in
>>error. Shape Blue Ltd is a company incorporated in England & Wales.
>>ShapeBlue Services India LLP is a company incorporated in India and is
>>operated under license from Shape Blue Ltd. Shape Blue Brasil
>>Consultoria Ltda is a company incorporated in Brasil and is operated
>>under license from Shape Blue Ltd. ShapeBlue SA Pty Ltd is a company
>>registered by The Republic of South Africa and is traded under license
>>from Shape Blue Ltd. ShapeBlue is a registered trademark.
>


Mime
View raw message