vishesh92 commented on PR #11654: URL: https://github.com/apache/cloudstack/pull/11654#issuecomment-3307290431
> @harikrishna-patnala's concern is very good point CPVM and SSVM has access to management network, SSVM can access storage network too, so we need to be careful. we could move the configurations to Secure category so they are not visible in global settings, or move them to non-dynamic so restarting management server is needed to make them effective. what if the root admin (cloudstack user) is compromised ? Let me make the changes to make the global setting non-dynamic & move it to Secure category. If the root admin is compromised, the attacker will be able to use console and access the system VMs anyway. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
