incubator-deltacloud-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Toby Crawley <tcraw...@redhat.com>
Subject Re: Dynamic selection of driver
Date Fri, 12 Nov 2010 15:04:28 GMT
On 11/12/2010 09:29 AM, Jim Jagielski wrote:
>
> On Nov 11, 2010, at 8:21 PM, David Lutterkort wrote:
>> Toby actually experimented with this (wanna share your patch, Toby ?).
>> To me, the cleanest way to enable dynamic selection of the driver is to
>> select the driver through add'l HTTP headers. For example, by sending
>>
>>         X-Deltacloud-Driver: ec2
>>         X-Deltacloud-Endpoint: https://eu-west-1.ec2.amazonaws.com/
>>
>>
>
> Sounds good, but shouldn't there be some sort of auth mechanism
> to "verify" that an authorized entity set those headers?
>

If we suspect the source of the headers, we should suspect any data in the request. If an
entity can munge headers, it can munge anything 
else in the request - the requests currently have no signing mechanism. If this type of security
is a concern, the deltacloud server should 
be accessed via https. The client is based on RestClient, so should support https out of the
box if deltacloud is running with a valid 
certificate. If using a self signed certificate, the client would probably need to be modified
to not validate the server cert, or given the 
CA for the server cert so it can validate.

Toby

Mime
View raw message