Hi Folks, I'm still processing all this information - thanks for your help!
--Pino On Wed, Oct 4, 2017 at 7:58 AM, Jeremy Stanley <[email protected]> wrote: > On 2017-10-04 10:47:02 +0100 (+0100), Luke Hinds wrote: > [...] > > The recommendation is not to use metadata for security sensitive > > data (its possible to spoof by setting a X-Forwarded header), > > please see the following OpenStack Security Note on the topic: > > > > https://wiki.openstack.org/wiki/OSSN/OSSN-0074 > > Well, it's possible as long as the environment is badly > designed/configured: you deployed nova to expect a proxy, but then > gave guest instances a way to reach the metadata API without going > through that proxy. So while it's definitely a risk to be aware of, > it come pretty close to the need Sean mentions for "solid network > security on the path between your guests and your nova-API." > -- > Jeremy Stanley > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: [email protected]?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > >
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
