cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Wilder Rodrigues (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (CLOUDSTACK-6252) Host password is stored in the database in the clear
Date Wed, 01 Jul 2015 13:10:04 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-6252?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13965024#comment-13965024
] 

Wilder Rodrigues edited comment on CLOUDSTACK-6252 at 7/1/15 1:09 PM:
----------------------------------------------------------------------

Changed severity from Major to Minor because it's related to unclear documentation.
Changed from Bug to Improvement because it would be nice to have it automated.


was (Author: wilder.rodrigues):
Changed severity from Major to Minor because it's related to unclear documentation.
Changed from Bug to Improvement be cause it would be nice to have it automated.

> Host password is stored in the database in the clear
> ----------------------------------------------------
>
>                 Key: CLOUDSTACK-6252
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-6252
>             Project: CloudStack
>          Issue Type: Improvement
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: Management Server
>    Affects Versions: Future
>         Environment: Management Server running on Debian 7
> DevCloud running on XenServer 6.2
>            Reporter: Wilder Rodrigues
>            Assignee: Wilder Rodrigues
>            Priority: Minor
>
> Via the Management Server UI, when creating an advanced Zone and adding a host to it,
the host password is stored in the database in the clear.
> All passwords should be encrypted before stored.
> Check details below:
> mysql> select * from host_details;
> +----+---------+----------------------------------------------------+----------------------------------------+
> | id | host_id | name                                               | value         
                        |
> +----+---------+----------------------------------------------------+----------------------------------------+
> |  1 |       1 | product_version                                    | 6.2.0         
                        | 
> |  2 |       1 | com.cloud.network.Networks.RouterPrivateIpStrategy | DcGlobal      
                        | 
> |  3 |       1 | private.network.device                             | Pool-wide network
associated with eth0 | 
> |  4 |       1 | Hypervisor.Version                                 | 4.1.5         
                        | 
> |  5 |       1 | Host.OS                                            | XenServer     
                        | 
> |  6 |       1 | Host.OS.Kernel.Version                             | 2.6.32.43-0.4.1.xs1.8.0.835.170778xen
 | 
> |  7 |       1 | wait                                               | 600           
                        | 
> |  8 |       1 | password                                           | changeme      
                        | 
> |  9 |       1 | url                                                | 10.1.1.203    
                        | 
> | 10 |       1 | username                                           | root          
                        | 
> | 11 |       1 | xs620_snapshot_hotfix                              | false         
                        | 
> | 12 |       1 | product_brand                                      | XenServer     
                        | 
> | 13 |       1 | product_version_text_short                         | 6.2           
                        | 
> | 14 |       1 | Host.OS.Version                                    | 6.2.0         
                        | 
> | 15 |       1 | instance.name                                      | VM            
                        | 
> +----+---------+----------------------------------------------------+----------------------------------------+



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message