5:20 PM
*To:* OpenStack Development Mailing List
*Subject:* Re: [openstack-dev] [Nova][Horizon] Is there precedent for
validating user input on data types to APIs?
Hi Matt,
Given that the Nova API is public, this needs to be validated in the
API, otherwise the security guys are unhappy.
Of cours
[mailto:d...@dmllr.de]
Sent: Sunday, July 14, 2013 5:20 PM
To: OpenStack Development Mailing List
Subject: Re: [openstack-dev] [Nova][Horizon] Is there precedent for validating
user input on data types to APIs?
Hi Matt,
Given that the Nova API is public, this needs to be validated in the API,
otherwise
Hi Matt,
Given that the Nova API is public, this needs to be validated in the API,
otherwise the security guys are unhappy.
Of course the API shouldn't get bad data in the first place. That's a bug
in nova client. I have sent reviews for both code fixes but I've not seen
any serious reaction or a
I'm triaging nova bug 1199539 and trying to determine if this should be
routed to Horizon, checked in the nova API layer, or just rejected as a
usage error. In this case, the DB excepts an integer but an empty string
is being passed in from the user via Horizon. I don't know if Horizon is
doi