> -----Original Message----- > From: Sean Dague [mailto:s...@dague.net] > Sent: 02 February 2015 16:19 > To: openstack-dev@lists.openstack.org > Subject: Re: [openstack-dev] [Product] [all][log] Openstack HTTP error codes > > On 02/01/2015 06:20 PM, Morgan Fainberg wrote: > > Putting on my "sorry-but-it-is-my-job-to-get-in-your-way" hat (aka > security), let's be careful how generous we are with the user and data we > hand back. It should give enough information to be useful but no more. I > don't want to see us opened to weird attack vectors because we're exposing > internal state too generously. > > > > In short let's aim for a slow roll of extra info in, and evaluate each data > > point > we expose (about a failure) before we do so. Knowing more about a failure is > important for our users. Allowing easy access to information that could be > used to attack / increase impact of a DOS could be bad. > > > > I think we can do it but it is important to not swing the pendulum too far > the other direction too fast (give too much info all of a sudden). > > Security by cloud obscurity? > > I agree we should evaluate information sharing with security in mind. > However, the black boxing level we have today is bad for OpenStack. At a > certain point once you've added so many belts and suspenders, you can no > longer walk normally any more.
++ > > Anyway, lets stop having this discussion in abstract and actually just > evaluate > the cases in question that come up. ++ - Erno > > -Sean > > -- > Sean Dague > http://dague.net > > __________________________________________________________ > ________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev- > requ...@lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
