incubator-libcloud mailing list archives

From "dave b ^^ (JIRA)" <j...@apache.org>
Subject [libcloud] [jira] Commented: (LIBCLOUD-55) this python project is vulnerable to MITM as it fails to verify the ssl validity of the remote destination.
Date Wed, 29 Sep 2010 19:59:33 GMT

    [ https://issues.apache.org/jira/browse/LIBCLOUD-55?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12916268#action_12916268 ]

dave b ^^ commented on LIBCLOUD-55:
-----------------------------------

imho you are doing only your users harm by closing this bug here.
You should at least keep the issue open until such time as it is fixed.
You are vulnerable, let's not kid around :)


> this python project is vulnerable to MITM as it fails to verify the ssl validity of the remote destination.
> -----------------------------------------------------------------------------------------------------------
>
>                 Key: LIBCLOUD-55
>                 URL: https://issues.apache.org/jira/browse/LIBCLOUD-55
>             Project: Libcloud
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 0.4.0
>            Reporter: dave b ^^
>            Assignee: Jed Smith
>
> this python project is vulnerable to MITM as it fails to verify the ssl validity of the remote destination.
> urllib / urllib2, httplib.HTTPSConnection do not verify ssl at all by default.
> from base.py
> class ConnectionKey(object):
>     """
>     A Base Connection class to derive from.
>     """
>     conn_classes = (httplib.HTTPConnection, httplib.HTTPSConnection)
>     ....
>     def connect(self, host=None, port=None):
>         .....
>         connection = self.conn_classes[self.secure]
> this request can be MITMed leading to the compromise of a user's API key - where a secured https connection was requested, but can be MITM'ed.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
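
An added example, not part of the original message and not libcloud's code: the quoted connect() pattern rebuilt so that an HTTPS connection is only handed out with a TLS context that validates both the certificate chain and the host name. It assumes Python 3's http.client and ssl (the successors of httplib); VerifiedConnectionKey, verifying_context, unverified_context and authenticates_peer are hypothetical names, and api.example.com is a placeholder host.

```python
import http.client
import ssl


def verifying_context(cafile=None):
    """TLS client context that validates the chain and the host name."""
    ctx = ssl.create_default_context(cafile=cafile)
    # create_default_context() already sets both; they are restated so that
    # a later change weakening either one is obvious in review.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def unverified_context():
    """The behaviour the report describes: encrypted, peer never authenticated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def authenticates_peer(ctx):
    """True only if the context checks the chain AND the host name."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


class VerifiedConnectionKey:
    """Hypothetical stand-in for the quoted ConnectionKey class."""
    secure = True

    def __init__(self, context=None):
        self.context = verifying_context() if context is None else context

    def connect(self, host, port=None):
        if not self.secure:
            return http.client.HTTPConnection(host, port)
        # Fail closed: never return an HTTPS connection that a
        # man-in-the-middle certificate would satisfy.
        if not authenticates_peer(self.context):
            raise ValueError("HTTPS requested without certificate verification")
        # No network traffic happens here; the handshake runs on first request.
        return http.client.HTTPSConnection(host, port, context=self.context)
```
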

