On Wed 19 Feb 2014 10:29:32 AM MST, Dougal Matthews wrote: > On 19/02/14 17:10, Ladislav Smola wrote: >> Hello, >> >> I would like to have your opinion about how to deal with passwords in >> Tuskar-API >> >> The background is, that tuskarAPI is storing heat template parameters in >> its database, it's a >> preparation for more complex workflows, when we will need to store the >> data before the actual >> heat stack-create. >> >> So right now, the state is unacceptable, we are storing sensitive >> data(all the heat passwords and keys) >> in a raw form in the TuskarAPI database. That is wrong right? > > I agree, this situation needs to change. > > I'm +1 for not storing the passwords if we can avoid it. This would > apply to all situations and not just Tuskar. > > The question for me, is what passwords will we have and when do we > need them? Are any of the passwords required long term. > > If we do need to store passwords it becomes a somewhat thorny issue, > how does Tuskar know what a password is? If this is flagged up by the > UI/client then we are relying on the user to tell us which isn't wise. > > _______________________________________________ > OpenStack-dev mailing list > [email protected] > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
Would it be possible to create some token for use throughout? Forgive my naivete. -- Jason E. Rist Senior Software Engineer OpenStack Management UI Red Hat, Inc. +1.720.256.3933 Freenode: jrist github/identi.ca: knowncitizen _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
