On 2018-06-27 12:37:43 -0400 (-0400), Jay Pipes wrote: [...] > the hostId was not, in fact, the host identifier, but rather a > SHA-224 hash of the host and project_id. [...]
Oh, that's slick. Yeah, it would basically take brute-forcing the UUID space to divine the actual host identifier from that (you could use it to confirm a known identifier, but not easily discover it). I too am not concerned about security in light of this, though it does open the door to users doing things like booting and deleting instances until they get one scheduled to a compute node they like (for whatever reason, be it affinity, anti-affinity, et cetera). -- Jeremy Stanley
signature.asc
Description: PGP signature
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev