On Thu, Nov 27, 2014 at 3:54 PM, Alireza Eskandari <
astro.alir...@yahoo.com.invalid> wrote:

> Hi
> I viewed the bash script that resets Linux password (
> http://download.cloud.com/templates/4.2/bindir/cloud-set-guest-password.in)
> It seems that it doesn't use a secure way for transferring password string to
> instance. Instances on a shared network can sniff password requests and
> export requested password of other instances. I suggest to use SSL (https)
> instead of plain text.
> Regards
>
>
I like the idea, but there's a couple of obstacles to overcome, namely
which SSL certificates to use.
 - certificates need a subject name, i.e. IP or hostname for web pages, you
could solve this by making the mgmt server a CA and have each VR get a
signed certificate by it, but it's complicated
 - if the community bundles a pre-generated certificate it is commonly known
and not to be trusted, also not sure how to handle subject name
 - assuming everyone to supply a valid certificate is quite complicated (CA
must be on VR etc), and makes it considerably harder to get a working setup
 - using self-signed causes issues with validation


Don't get me wrong, I love the idea, but it's not just to flip a switch and
have (proper) SSL in place.

-- 
Erik
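
The first option in the list above (the management server acting as a CA and signing a certificate for each VR) sketched with the openssl CLI, as an added example that is not part of the original thread and is not CloudStack code. The function names, file layout, certificate names and the 10.1.1.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not CloudStack code. Assumption: the guest ships only ca.crt
# and checks the VR certificate against the IP it is connecting to.

# make_ca DIR: throwaway CA key and self-signed CA certificate (mgmt server side).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Mgmt Server CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_vr_cert DIR NAME IP: VR key and CSR, signed by the CA with an IP
# subjectAltName so the subject name matches the address guests connect to.
issue_vr_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null || return 1
    printf 'subjectAltName=IP:%s\n' "$3" > "$1/$2.ext"
    openssl x509 -req -in "$1/$2.csr" -days 30 \
        -CA "$1/ca.crt" -CAkey "$1/ca.key" -CAcreateserial \
        -extfile "$1/$2.ext" -out "$1/$2.crt" 2>/dev/null
}

# make_self_signed DIR NAME: certificate with no CA behind it, for comparison.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# guest_accepts DIR CERTFILE IP: exit status 0 only if CERTFILE chains to
# ca.crt and carries IP as a subjectAltName.
guest_accepts() {
    openssl verify -CAfile "$1/ca.crt" -verify_ip "$3" "$1/$2" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d" && issue_vr_cert "$d" vr1 10.1.1.1 && make_self_signed "$d" rogue
    guest_accepts "$d" vr1.crt 10.1.1.1 && echo "CA-signed, right IP: accepted"
    guest_accepts "$d" vr1.crt 10.1.1.2 || echo "CA-signed, wrong IP: rejected"
    guest_accepts "$d" rogue.crt 10.1.1.1 || echo "self-signed: rejected"
    rm -rf "$d"
}
if [ "${1:-}" = "demo" ]; then demo; fi
```

Run the script with the argument `demo` to see the three outcomes. The setup cost raised in the list shows up here as the need to distribute `ca.crt` to every guest template and to issue a certificate per VR address.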
