[
https://issues.apache.org/jira/browse/CLOUDSTACK-3342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Animesh Chaturvedi updated CLOUDSTACK-3342:
-------------------------------------------
ACS 4.3,0 feature freeze is Nov 8th. I will cut the 4.3 branch from master on
that day. Please provide an update on your issue as a comment.
> Object_Store_Refactor - S3 "Secret Key" must not be visible in the UI after
> S3 Object store creation.
> -----------------------------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-3342
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-3342
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Components: UI
> Affects Versions: 4.2.0
> Reporter: Thomas O'Dowd
> Assignee: Min Chen
> Labels: s3, security
>
> 1. Login to a freshly deployed devcloud server.
> 2. Click Infrastructure
> 3. Click secondary Storage
> 4. Remove NFS
> 5. Add new S3 Secondary Storage (anything will do for this bug as its a
> display bug)
> 6. Re-visit secondary storage and click on the S3 storage you created.
> Expectation:
> You can NOT see the "secret key".
> Actual:
> You can see all the details of the S3 object store including the "secret key".
> The secret key is like a password. Anyone knowing the secret key can
> upload/delete etc from the S3 store. It should not be available easily in my
> opinion. I guess its easily available in the database anyway but lets keep it
> out of the browser after its been input. It can be displayed using ***.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
