registry team mailing list archive

Thread
Date

[Bug 607512] Re: Authorization not checked on objectstore

To: registry@xxxxxxxxxxxxxxxxxxx
From: vishvananda <vishvananda@xxxxxxxxx>
Date: Tue, 20 Jul 2010 11:14:38 -0000
Reply-to: Bug 607512 <607512@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Actually no.

The last paramater passed to authenticate is False, which tells
authenticate not to check the signature.  The reason for this from the
legacy code is that authenticate was constructed to verify aws
signatures and unfortunately s3 uses a completely different method for
signing requests.  Authenticate returns the proper user and project but
does NOT currently check the signature for objectstore requests.

Authorize may need to reworked a bit because it needs a little more data
for the s3 version, like content-type and md5.  Docs here:

http://docs.amazonwebservices.com/AmazonS3/latest/dev/index.html?RESTAuthentication.html

-- 
Authorization not checked on objectstore
https://bugs.launchpad.net/bugs/607512
You received this bug notification because you are a member of Registry
Administrators, which is subscribed to OpenStack.

References

[Bug 607512] [NEW] Authorization not checked on objectstore
From: justinsb, 2010-07-20