On 11/12/2010 10:54 AM, Jim Jagielski wrote:
On Nov 12, 2010, at 10:42 AM, Toby Crawley wrote:
Yes, ssl is not the only solution, but adds end to end security over the entire
request, without adding complexity to the deltacloud code. I don't see a
deltacloud service getting enough traffic to justify worrying about ssl
overhead, and I would be more worried about someone extracting my cloud
credentials, or munging the actual request itself than altering the driver or
endpoint headers.
So it's either "trust nothing" or "trust everything"? :) Methinks that there's
a middle ground somewhere in there *grin*
Sure, there is a middle ground. My point is that if someone has the ability to munge my headers, then they have access to my cloud
credentials, which is a much larger problem IMO.
