subject:"\[openstack\-dev\] \[Openstack\] \[OSSN\-0074\] Nova metadata service should not be used for sensitive information"

Re: [openstack-dev] [Openstack] [OSSN-0074] Nova metadata service should not be used for sensitive information

2017-01-19 Thread Jeremy Stanley

On 2017-01-19 09:34:21 -0500 (-0500), Steve Gordon wrote: [...] > Does this configuration directive provide any mitigation for this > issue?: > > "use_forwarded_for = False (BoolOpt) Treat X-Forwarded-For > as the canonical remote address. Only enable this if you have a > sanitizing

Re: [openstack-dev] [Openstack] [OSSN-0074] Nova metadata service should not be used for sensitive information

2017-01-19 Thread Steve Gordon

- Original Message - > From: "Luke Hinds" > To: openst...@lists.openstack.org, openstack-dev@lists.openstack.org > Sent: Monday, December 19, 2016 4:26:24 AM > Subject: [Openstack] [OSSN-0074] Nova metadata service should not be used for > sensitive information > >