incubator-libcloud mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "dave b ^^ (JIRA)" <j...@apache.org>
Subject [libcloud] [jira] Commented: (LIBCLOUD-55) this python project is vulnerable to MITM as it fails to verify the ssl validity of the remote destination.
Date Wed, 29 Sep 2010 20:08:36 GMT

    [ https://issues.apache.org/jira/browse/LIBCLOUD-55?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12916275#action_12916275
] 

dave b ^^ commented on LIBCLOUD-55:
-----------------------------------

OH sorry I missed the modifications you made to the software. Well my previous comment still
holds ... 

> this python project is vulnerable to MITM as it fails to verify the ssl validity of the
remote destination.
> -----------------------------------------------------------------------------------------------------------
>
>                 Key: LIBCLOUD-55
>                 URL: https://issues.apache.org/jira/browse/LIBCLOUD-55
>             Project: Libcloud
>          Issue Type: Bug
>          Components: Core
>    Affects Versions: 0.4.0
>            Reporter: dave b ^^
>            Assignee: Jed Smith
>
> this python project is vulnerable to MITM as it fails to verify the ssl validity of the
remote destination.
> urllib / urllib2, httplib.SHTTPConnection do not verify ssl at all by default.
> from base.py
> class ConnectionKey(object):
> """ A Base Connection class to derive from.
> """ conn_classes = (httplib.HTTPConnection, httplib.HTTPSConnection)
> .... def connect(self, host=None, port=None):
> ..... connection = self.conn_classesself.secure
> this request can be MITMed leading to the compromise of a users API key - where a secured
https connection was requested, but can be MITM'ed.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message