deltacloud-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David Lutterkort <lut...@redhat.com>
Subject Re: Initial OpenStack minitest
Date Thu, 06 Sep 2012 22:45:09 GMT
On Sun, 2012-09-02 at 04:41 +1000, Justin Clift wrote:
> On 30/08/2012, at 9:25 AM, David Lutterkort wrote:
> > On Mon, 2012-08-27 at 14:57 +0200, mfojtik@redhat.com wrote:
> >> This patch include migrated OpenStack tests to use MiniTest.
> > 
> > ACK; I was going to remark that the tests should read credentials from
> > the config file - there's a bigger issue with the OpenStack API though
> > in that it records the password in the clear in the request body.
> 
> Well, the obvious alternative is some form of good hashing, but does the
> API support that?
> 
> If not, how much effort to add it?  Security being *very* important and
> all. ;>

I am not sure, and I haven't dug into how OpenStack does its thing, and
how htey are planning to change it - it was really more of an offhand
observation (if you follow up with the OpenStack folks, I'd love to hear
if there are other ways than sending the password in the clear ;)

David



Mime
View raw message