cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daan Hoogland (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (CLOUDSTACK-418) Separate API endpoints for Admin/End user APIs
Date Mon, 06 Feb 2017 10:29:42 GMT

     [ https://issues.apache.org/jira/browse/CLOUDSTACK-418?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Daan Hoogland updated CLOUDSTACK-418:
-------------------------------------
    Labels: considerForGsoc  (was: )

> Separate API endpoints for Admin/End user APIs
> ----------------------------------------------
>
>                 Key: CLOUDSTACK-418
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-418
>             Project: CloudStack
>          Issue Type: Improvement
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: API
>    Affects Versions: 4.0.0
>            Reporter: Clement Chen
>              Labels: considerForGsoc
>
> For security reasons customers might want to block remote access to root admin APIs or
limit access to domain admin APIs to certain IP addresses.
> It can be easily done on WAF if we have separate API endpoints for root admin/domain
admin/end user APIs. For example, in case of VMWare vCloud Director, APIs accessible only
to system admins are under http://hostname/cloud/api/1.0/admin/extension and this can be easily
blocked on a WAF.
> We should consider separating API endpoints for admin/end user APIs. 



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message