On 11/29/2012 03:50 AM, Avishay Traeger wrote: > > Hi all, > Currently, CHAP secrets are managed by Cinder, and passed to Nova for use > when attaching volumes. This means that unless the communication is > encrypted, or a separate trusted network is used, CHAP secrets can be > sniffed on the wire. > Opinions?
In the future, if you suspect something is a security issue (vulnerability), the public mailing list isn't the best place to report it. :-) Please use a private bug on launchpad, or send someone on the vulnerability management team an encrypted email. http://www.openstack.org/projects/openstack-security/ In this case, I don't think there is a problem here. A lot of sensitive information is passed around between services, via both messaging and the REST APIs. It is certainly important to protect these communications via the means you mentioned (trusted network, encryption). -- Russell Bryant _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : [email protected] Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
