cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Animesh Chaturvedi (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CLOUDSTACK-3342) Object_Store_Refactor - S3 "Secret Key" must not be visible in the UI after S3 Object store creation.
Date Mon, 21 Oct 2013 21:46:01 GMT

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-3342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Animesh Chaturvedi updated CLOUDSTACK-3342:
-------------------------------------------


ACS 4.3,0 feature freeze is Nov 8th. I will cut the 4.3 branch from master on that day. Please
provide an update on your issue as a comment. 

> Object_Store_Refactor - S3 "Secret Key" must not be visible in the UI after S3 Object
store creation.
> -----------------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-3342
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-3342
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: UI
>    Affects Versions: 4.2.0
>            Reporter: Thomas O'Dowd
>            Assignee: Min Chen
>              Labels: s3, security
>
> 1. Login to a freshly deployed devcloud server. 
> 2. Click Infrastructure 
> 3. Click secondary Storage 
> 4. Remove NFS 
> 5. Add new S3 Secondary Storage (anything will do for this bug as its a display bug)
> 6. Re-visit secondary storage and click on the S3 storage you created.
> Expectation:
> You can NOT see the "secret key". 
> Actual:
> You can see all the details of the S3 object store including the "secret key".
> The secret key is like a password. Anyone knowing the secret key can upload/delete etc
from the S3 store. It should not be available easily in my opinion. I guess its easily available
in the database anyway but lets keep it out of the browser after its been input. It can be
displayed using ***.



--
This message was sent by Atlassian JIRA
(v6.1#6144)

Mime
View raw message