On 7 August 2013 18:42, Uri Simchoni <[email protected]> wrote:
> Looking at the http-based alternative, can it be made to be more secure? On
> my OVS-based system I was able to easily steal the metadata of another
> instance on the same network by changing my instance's IP address. It appears
> to be suitable only for publishing things to instances, but not for sharing
> secrets.

The instance anti-spoofing rules should have prevented that - the fact you were able to change your instance IP (unless you fiddled behind nova's back in the neutron DB) is a very unexpected and serious bug. As Scott says - file a bug.

The HTTP alternative should be quite secure, though unless your overlay network is also encrypted there is room for someone with direct access to the infrastructure network to snoop metadata requests (or even forge them by ARP spoofing your hypervisor hosts). So we should take care to improve that layer too, but it's not conceptually hard.

And - someone with direct access to your infrastructure network is able to do many other nasty things indeed :)

-Rob

--
Robert Collins <[email protected]>
Distinguished Technologist
HP Converged Cloud
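The point Rob makes is that an IP-keyed metadata service is only as trustworthy as the per-port anti-spoofing rules in front of it: if a guest can send packets with an IP that was not allocated to its port, the metadata proxy will happily answer for that other IP. The following toy model, added here as an illustration and not code from Nova, Neutron or this thread, shows both sides of that dependency. The port names, IPs and metadata records are constructed sample values; `serve_metadata` stands in for the metadata proxy and `anti_spoof_allows` for the hypervisor-side rule that only passes packets whose source IP matches the port's allocation. An `audit` helper lists the mismatches a defender would want logged.

```python
"""Toy model of an IP-keyed metadata service behind a per-port anti-spoofing
filter. Constructed example; not Nova/Neutron code."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed allocation table: the fixed IP assigned to each virtual port.
PORT_TO_IP = {
    "port-a": "10.0.0.5",
    "port-b": "10.0.0.6",
}

# Constructed metadata store, keyed by instance IP the way a metadata proxy
# keys its lookups once the request reaches it.
METADATA = {
    "10.0.0.5": {"hostname": "inst-a", "secret": "constructed-secret-a"},
    "10.0.0.6": {"hostname": "inst-b", "secret": "constructed-secret-b"},
}


@dataclass(frozen=True)
class Request:
    port: str    # virtual port (tap device) the packet arrived on
    src_ip: str  # source IP the guest placed in the packet header


def anti_spoof_allows(req: Request) -> bool:
    """Hypervisor-side rule: a port may only emit its allocated source IP."""
    return PORT_TO_IP.get(req.port) == req.src_ip


def serve_metadata(req: Request, enforce_anti_spoofing: bool) -> Optional[dict]:
    """Return the metadata record the proxy would hand back for this request.

    With enforcement on, a spoofed packet never reaches the proxy (None).
    With enforcement off, the proxy trusts the IP and answers for whoever
    owns it, which is the leak described in the thread.
    """
    if enforce_anti_spoofing and not anti_spoof_allows(req):
        return None  # dropped at the port, before the proxy sees it
    return METADATA.get(req.src_ip)


def audit(requests: List[Request]) -> List[Tuple[str, str]]:
    """Detection view: list (port, src_ip) pairs that violate the allocation.

    Any hit here means either a guest is spoofing or the allocation table
    and the filter rules have drifted apart; both deserve a bug report.
    """
    return [(r.port, r.src_ip) for r in requests if not anti_spoof_allows(r)]


if __name__ == "__main__":
    honest = Request("port-a", "10.0.0.5")
    spoofed = Request("port-a", "10.0.0.6")  # inst-a re-addressed itself
    print("honest, enforced :", serve_metadata(honest, True))
    print("spoofed, enforced:", serve_metadata(spoofed, True))
    print("spoofed, no rules:", serve_metadata(spoofed, False))
    print("audit findings   :", audit([honest, spoofed]))
```

Running the block shows the honest request served in both modes, the spoofed request dropped when the rules are in place, and the same spoofed request returning inst-b's record when they are not, which is exactly why Rob treats a changeable instance IP as a serious bug rather than a metadata-service design flaw.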
