cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daan Hoogland (JIRA)" <>
Subject [jira] [Updated] (CLOUDSTACK-418) Separate API endpoints for Admin/End user APIs
Date Mon, 06 Feb 2017 10:29:42 GMT


Daan Hoogland updated CLOUDSTACK-418:
    Labels: considerForGsoc  (was: )

> Separate API endpoints for Admin/End user APIs
> ----------------------------------------------
>                 Key: CLOUDSTACK-418
>                 URL:
>             Project: CloudStack
>          Issue Type: Improvement
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: API
>    Affects Versions: 4.0.0
>            Reporter: Clement Chen
>              Labels: considerForGsoc
> For security reasons customers might want to block remote access to root admin APIs or
limit access to domain admin APIs to certain IP addresses.
> It can be easily done on WAF if we have separate API endpoints for root admin/domain
admin/end user APIs. For example, in case of VMWare vCloud Director, APIs accessible only
to system admins are under http://hostname/cloud/api/1.0/admin/extension and this can be easily
blocked on a WAF.
> We should consider separating API endpoints for admin/end user APIs. 

This message was sent by Atlassian JIRA

View raw message