cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <>
Subject [jira] [Commented] (CLOUDSTACK-9099) SecretKey is returned from the APIs
Date Sun, 03 Jan 2016 18:35:39 GMT


ASF GitHub Bot commented on CLOUDSTACK-9099:

Github user DaanHoogland commented on the pull request:
    @kansal I don't agree that making noise first is the way to go. We should disable the
return of the key first and document it. Security demands that we play it that way. We can
allow users to enable this insecure bahaviour by setting a flag somewhere but it should not
be default and catch the unaware users of guard. It will be work in the integration tests
but that just will have to happen.

> SecretKey is returned from the APIs
> -----------------------------------
>                 Key: CLOUDSTACK-9099
>                 URL:
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>            Reporter: Kshitij Kansal
>            Assignee: Kshitij Kansal
> The sercreKey parameter is returned from the following APIs:
> createAccount
> createUser
> disableAccount
> disableUser
> enableAccount
> enableUser
> listAccounts
> listUsers
> lockAccount
> lockUser
> registerUserKeys
> updateAccount
> updateUser

This message was sent by Atlassian JIRA

View raw message