deltacloud-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Toby Crawley <>
Subject Re: Dynamic selection of driver
Date Fri, 12 Nov 2010 16:44:16 GMT
On 11/12/2010 10:54 AM, Jim Jagielski wrote:
> On Nov 12, 2010, at 10:42 AM, Toby Crawley wrote:
>> Yes, ssl is not the only solution, but adds end to end security over the entire request,
without adding complexity to the deltacloud code. I don't see a deltacloud service getting
enough traffic to justify worrying about ssl overhead, and I would be more worried about someone
extracting my cloud credentials, or munging the actual request itself than altering the driver
or endpoint headers.
> So it's either "trust nothing" or "trust everything"? :) Methinks that there's
> a middle ground somewhere in there *grin*

Sure, there is a middle ground. My point is that if someone has the ability to munge my headers,
then they have access to my cloud 
credentials, which is a much larger problem IMO.

View raw message