Sanjeev N created CLOUDSTACK-3323:
-------------------------------------

             Summary: [Object_Store_Refactor] URL provided by extract template 
command should not contain AccessKeyId
                 Key: CLOUDSTACK-3323
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-3323
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Management Server
    Affects Versions: 4.2.0
         Environment: Latest build from master branch
            Reporter: Sanjeev N
            Priority: Critical
             Fix For: 4.2.0


Extract template command on a template which is stored in S3 bucket provides 
the URL in the following format:

 Pre-Signed URL = 
http://10.147.29.57:8080/imagestore/template%2Ftmpl%2F1%2F5%2Fcentos56-x86_64-xen%2Fcentos56-x86_64.vhd.bz2?Expires=1372787604&AWSAccessKeyId=9M7I6JPYZHDNLG43TWCD&Signature=lP%2BwQtqY6E%2B3qWQR3ZKIE4wIEHY%3D

The URL provided to download the template contains AccessKeyId of the S3 bucket 
but it should not be exposed to the CS User.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to