
openstack team mailing list archive

Re: Security concern with vncserver_listen 0.0.0.0 and multi_host

 

On 03/04/13 11:03, Sam Stoelinga wrote:
> To prevent this happening to somebody else we could do the following:
> 1. In the documentation explicitly tell the user that when you enable
> multi_host that you can't use vncserver_listen=0.0.0.0
> 2. Do some sanity checks on nova.conf options, if we notice that
> vncserver_listen: 0.0.0.0 and multi_host true, we don't allow starting
> the nova-compute service and give a clear error message saying that it's
> stupid to do something like that and what the user should do instead.

I'm probably missing something here, but would a simple firewall not work?

#2 seems drastic to me, and #1 could be amended to mention the need for 
a firewall instead.

Kiall Mac Innes
HP Cloud Services - DNSaaS

Mobile:   +353 86 345 9333
Landline: +353 1 524 2177
GPG:      E9498407
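
The option check proposed in the quoted message, written here as a non-blocking audit that warns instead of refusing to start the service. This is an added example, not part of the original message and not nova's own code; it assumes both options are set in the `[DEFAULT]` section of nova.conf, and the sample configs are constructed.

```python
import configparser
import ipaddress

# Constructed sample configs for illustration, not from a real deployment.
SAMPLE_RISKY = "[DEFAULT]\nmulti_host = True\nvncserver_listen = 0.0.0.0\n"
SAMPLE_PINNED = "[DEFAULT]\nmulti_host = True\nvncserver_listen = 192.0.2.10\n"

TRUE_VALUES = {"1", "true", "yes", "on"}


def is_wildcard(addr):
    """True if addr is an all-interfaces bind address (0.0.0.0 or ::)."""
    try:
        return ipaddress.ip_address(addr.strip()).is_unspecified
    except ValueError:
        return False  # hostname or malformed value, not a wildcard literal


def audit_nova_conf(text):
    """Return warnings for the option pair discussed in the thread.

    Assumption: both options are set in [DEFAULT]; a missing option
    produces no finding because this sketch does not model defaults.
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    opts = parser.defaults()
    listen = opts.get("vncserver_listen")
    multi_host = opts.get("multi_host", "").strip().lower() in TRUE_VALUES
    findings = []
    if multi_host and listen is not None and is_wildcard(listen):
        findings.append(
            "vncserver_listen=%s with multi_host enabled: VNC listens on "
            "every interface of this host; check the listen address and "
            "the firewall rules in front of it" % listen.strip()
        )
    return findings


if __name__ == "__main__":
    for name, conf in (("risky", SAMPLE_RISKY), ("pinned", SAMPLE_PINNED)):
        result = audit_nova_conf(conf)
        print(name, "->", result if result else "no findings")
```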

