[Bug 978963] [NEW] add release note that OpenStack should be used on a protected network
Jamie Strandboge
jamie at ubuntu.com
Wed Apr 11 14:19:42 UTC 2012
Public bug reported:
Much of OpenStack is hard-coded to use http instead of https. Of particular interest is keystone, which is the identity service for OpenStack. https://wiki.ubuntu.com/PrecisePangolin/ReleaseNotes/UbuntuCloud should state that accessing OpenStack over an unprotected network may expose credentials and other information. This is true (at least) when:
* keystone is on a separate server from the other OpenStack components
* horizon (the OpenStack Dashboard) is on a different system than keystone
* users access OpenStack remotely
* users access horizon (the OpenStack dashboard) over http
Adding horizon and keystone tasks.
** Affects: ubuntu-release-notes
Importance: Undecided
Status: New
** Affects: horizon (Ubuntu)
Importance: High
Status: Triaged
** Affects: keystone (Ubuntu)
Importance: High
Status: Triaged
** Affects: horizon (Ubuntu Precise)
Importance: High
Status: Triaged
** Affects: keystone (Ubuntu Precise)
Importance: High
Status: Triaged
** Tags: rls-p-tracking
** Also affects: horizon (Ubuntu)
Importance: Undecided
Status: New
** Also affects: keystone (Ubuntu)
Importance: Undecided
Status: New
** Also affects: horizon (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: keystone (Ubuntu Precise)
Importance: Undecided
Status: New
** Changed in: keystone (Ubuntu Precise)
Status: New => Triaged
** Changed in: horizon (Ubuntu Precise)
Status: New => Triaged
** Changed in: keystone (Ubuntu Precise)
Importance: Undecided => High
** Changed in: keystone (Ubuntu Precise)
Milestone: None => ubuntu-12.04
** Changed in: horizon (Ubuntu Precise)
Milestone: None => ubuntu-12.04
** Changed in: horizon (Ubuntu Precise)
Importance: Undecided => High
** Description changed:
Much of OpenStack is hard-coded to use http instead of https. Of particular interest is keystone which is the identity service for OpenStack. https://wiki.ubuntu.com/PrecisePangolin/ReleaseNotes/UbuntuCloud should state that accessing OpenStack over an unprotected network may expose credentials and other information. This is true (at least) when:
* keystone is on a separate server from the other OpenStack components
* horizon (the OpenStack Dashboard) is on a different system than keystone
* users access OpenStack remotely
+ * users access horizon (the OpenStack dashboard) over http
Adding horizon and keystone tasks.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to horizon in Ubuntu.
https://bugs.launchpad.net/bugs/978963
Title:
add release note that OpenStack should be used on a protected network