On Sun, Nov 30, 2014 at 08:29:27PM -0500, Rahul Sundaram wrote: > Hi > > On Sun, Nov 30, 2014 at 1:36 PM, Lars Seipel wrote: > > > > > > There's also OpenNebula (^ONE_) and Vmware (^VI_) doing the same. Seems > > to be pretty common with virt and cloud stuff. Apart from that I can't > > think of anything else right now. > > > Rackspace, DigitalOcean, Google Computing Engine etc have API info > potentially exported in the environment as well. This is going to be quite > tedious to filter out but just in case you want to blacklist them, you > want to blacklist the following > > NOVA_* > DO_* > APPID_*
It looks like they inherited this habit from Amazon ... For the avoidance of doubt, putting authentication information into the environment is a bad, insecure practice. Any other local user can immediately see it using 'ps axewwww'. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-top is 'top' for virtual machines. Tiny program with many powerful monitoring features, net stats, disk stats, logging, etc. http://people.redhat.com/~rjones/virt-top -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
