On Mon, 2011-07-18 at 16:02 -0500, John Dickinson wrote:
> The security implications are tied to what credentials a user gets from the
> auth server you are using. The possibility is that a user could delete their
> own account (or even another user's account) or create new accounts.
> Disabling allow_account_management eliminates these issues by disabling the
> functionality.
>
> There are no formal docs of this part of the API. It's quite simple though:
> PUT/POST/GET/HEAD/DELETE to /v1/"your account string"

That's up to your auth middleware, i.e. we have a super admin user, account admins and per-container users with ro/rw permissions; and only the super admin can get authenticated to run a PUT/DELETE request on an account.

If you're going to deploy Swift you probably will need to plug it into your infrastructure: accounting, billing, monitoring, ... and of course authentication/authorization.

Swift's architecture is perfect for that thanks to paste, because you can easily add any middleware you want to provide that "coupling".

It's a good feature that we can disable account creation though :)

Regards,

Juan

--
Juan J. Martinez
Development, MEMSET
mail: [email protected]
web: http://www.memset.com/
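
The role split described in the reply above, as an added example that is not part of the thread or of Swift's code: a plain WSGI filter in the paste `filter_factory` style that rejects PUT/DELETE on `/v1/<account>` unless the caller is the super admin. The environ key `example.auth.role`, the role name `super_admin` and the account string `AUTH_test` are assumptions; the filter is assumed to sit after the auth middleware in the pipeline.

```python
# Added illustration: plain WSGI, no Swift imports.
# ROLE_KEY is hypothetical; use whatever your auth middleware sets in environ.
ROLE_KEY = "example.auth.role"
GUARDED_METHODS = {"PUT", "DELETE"}  # the account-level verbs named in the reply


def is_account_request(path):
    """True for /v1/<account> (one trailing slash allowed), False for
    container or object paths below it."""
    parts = path.split("/")
    if len(parts) == 4 and parts[3] == "":
        parts.pop()
    return len(parts) == 3 and parts[0] == "" and parts[1] == "v1" and parts[2] != ""


class AccountGuard:
    def __init__(self, app, admin_role="super_admin"):
        self.app = app
        self.admin_role = admin_role

    def __call__(self, environ, start_response):
        method = environ.get("REQUEST_METHOD", "").upper()
        path = environ.get("PATH_INFO", "")
        if method in GUARDED_METHODS and is_account_request(path):
            # A missing role counts as unprivileged: fail closed.
            if environ.get(ROLE_KEY) != self.admin_role:
                body = b"Account management requires the super admin role\n"
                start_response("403 Forbidden", [
                    ("Content-Type", "text/plain"),
                    ("Content-Length", str(len(body)))])
                return [body]
        return self.app(environ, start_response)


def filter_factory(global_conf, **local_conf):
    """paste.deploy entry point: returns a callable that wraps the next app."""
    admin_role = local_conf.get("admin_role", "super_admin")
    return lambda app: AccountGuard(app, admin_role)


def status_for(app, method, path, role=None):
    """Drive the app with a constructed request and return the status line."""
    seen = []
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path}
    if role is not None:
        environ[ROLE_KEY] = role
    app(environ, lambda status, headers: seen.append(status))
    return seen[0]
```

Container and object requests, and read-only account requests, pass through untouched, so the ro/rw checks stay with the auth middleware itself.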

