yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1383817] [NEW] Deprecate catalog replacements and whitelists

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: David Stanek <dstanek@xxxxxxxxxxx>
Date: Tue, 21 Oct 2014 17:14:22 -0000
Reply-to: Bug 1383817 <1383817@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Bug #1354208 reported a security flaw in the way that we performed
substitution for catalog URLs. The immediate solution was to add a
whitelist of config fields that are safe to use with substitution. The
long term goal is to get rid of this feature and only allow tenant_id
and user_id to be used for substitution.

The first step for the Kilo release is to deprecate the feature.

** Affects: keystone
     Importance: High
     Assignee: David Stanek (dstanek)
         Status: In Progress

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1383817

Title:
  Deprecate catalog replacements and whitelists

Status in OpenStack Identity (Keystone):
  In Progress

Bug description:
  Bug #1354208 reported a security flaw in the way that we performed
  substitution for catalog URLs. The immediate solution was to add a
  whitelist of config fields that are safe to use with substitution. The
  long term goal is to get rid of this feature and only allow tenant_id
  and user_id to be used for substitution.

  The first step for the Kilo release is to deprecate the feature.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1383817/+subscriptions

Follow ups

[Bug 1383817] Re: Deprecate catalog replacements and whitelists
From: Thierry Carrez, 2014-12-17
[Bug 1383817] [NEW] Deprecate catalog replacements and whitelists
From: David Stanek, 2014-10-21

References

[Bug 1383817] [NEW] Deprecate catalog replacements and whitelists
From: David Stanek, 2014-10-21