Issue #1489 has been updated by James Turnbull. Target version changed from Rowlf to Statler
----------------------------------------
Feature #1489: More security with remote filebuckets
http://projects.reductivelabs.com/issues/1489

Author: Lawrence Ludwig
Status: Accepted
Priority: Low
Assigned to:
Category: fileserving
Target version: Statler
Affected version: 0.24.4
Keywords: filebucket
Branch:

Right now the remote filebucket is too limiting. The biggest issue is security with files uploaded to puppetmaster's filebucket.

In our case different clients have access to different VPS instances. They should not be able to see or get info from the puppetmaster. If using the filebucket setup and storing files, another server/VPS could gain access to those stored files. Meaning the files stored are not tied to the server, so only that server can retrieve it from the filebucket.

i.e. node00 stores a file on the puppetmaster

<pre>
$ filebucket backup /etc/passwd --server=puppet
/etc/passwd: 429b225650b912a2ee067b0a4cf1e949
</pre>

node01 can retrieve the file if it knows the md checksum.

<pre>
$ filebucket restore /tmp/passwd 429b225650b912a2ee067b0a4cf1e949 --server=puppet
</pre>

Granted guessing md checksum is pretty hard, but I'm assuming they can get that info from a log file. This is BAD and the file retrieved could have sensitive information.

I propose the filebucket stores also the node the files came from and a possible option to allow selected clients to retrieve info not matching their cert.
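The access rule proposed in this issue, sketched as an added example (not code from the issue or from Puppet): a bucket that records which node stored each checksum and only restores to that node or to an explicit allow list. The class `OwnerBoundBucket`, its method names, and the `admin.example` cert name are hypothetical, and the node name is assumed to be the certificate name the server has already authenticated.

```ruby
require 'digest/md5'
require 'set'

# Hypothetical in-memory model of a filebucket that records which node
# stored each file. Not Puppet's implementation; names are illustrative.
class OwnerBoundBucket
  class Denied < StandardError; end

  # privileged: cert names allowed to restore files stored by other nodes
  def initialize(privileged: [])
    @contents = {}                               # checksum => file bytes
    @owners = Hash.new { |h, k| h[k] = Set.new } # checksum => storing nodes
    @privileged = Set.new(privileged)
  end

  # node is the cert name the server authenticated, never a client-supplied field.
  def backup(node, data)
    sum = Digest::MD5.hexdigest(data)
    @contents[sum] = data
    @owners[sum] << node # identical content from two nodes: both are owners
    sum
  end

  def restore(node, sum)
    allowed = @contents.key?(sum) &&
              (@owners[sum].include?(node) || @privileged.include?(node))
    # Same error for "unknown checksum" and "not yours", so the bucket
    # cannot be used to probe which checksums exist.
    raise Denied, "no file #{sum} available to #{node}" unless allowed
    @contents[sum]
  end
end

# Constructed sample data, mirroring the node00/node01 scenario above.
def demo
  bucket = OwnerBoundBucket.new(privileged: ['admin.example'])
  sum = bucket.backup('node00', "root:x:0:0:root:/root:/bin/sh\n")
  try = lambda do |node, s|
    begin
      bucket.restore(node, s)
      :ok
    rescue OwnerBoundBucket::Denied
      :denied
    end
  end
  { owner: try.call('node00', sum), other: try.call('node01', sum),
    privileged: try.call('admin.example', sum),
    missing: try.call('node00', '0' * 32) }
end
```

Because the bucket is content-addressed, two nodes backing up identical bytes share one stored copy, so ownership has to be a set of nodes per checksum rather than a single field.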
