I have asked this on launchpad, but since there was no answer I repost my 
question here.

Once a reseller admin knows the URL of a storage account, he gets total control
over the files of that account (read files, delete files, etc.).
At the very least this violates the privacy of the users who store their files in
swift.
Of course, sensitive information might have been encrypted before being added to
swift, but I still wonder whether there was any reason to give such huge
permissions to reseller admins?
By the way, the documentation does not mention the fact that reseller admins
have such broad permissions. It is only stated that "Admin users can do anything
within the account." However, Reseller Admins can do anything within ANY account.

Sincerely,
Rostyslav
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp
