please discuss on the VOTE thread Kristian. Give your -1 with explanation there.
On Tue, Jan 16, 2018 at 11:40 AM, Kristian Liivak <k...@wavecom.ee> wrote: > Daan, > > For us and i guess for many others public cloud and vps providers its very > big hole. > Imagine that 10-20 chinese guys have made fraud orders and 10-20 vps are > provisioned. > We dealing with fradulent orders daily basis. > Some time later abusers will get catch in the act and vpses will be > terminated. > If your customer increase is considerable, most probably one or more ips > will be given to new customers during same day. > Newly created instances get then abusers keys and root passwords. > If new instance uses only keys, root password will be never changed. > Abusers need just log in with them old passwords and bitcoin mining or > spamming will be started again. > Some of smarter customers are able to connect dots and serviceprovider > reputation will be damaged seriously. > > > Lugupidamisega / Regards > > Kristian Liivak > > Tegevjuht / Executive director > > WaveCom As > Endla 16, 10142 Tallinn > Estonia > Tel: +3726850001 > Gsm: +37256850001 > E-mail: k...@wavecom.ee > Skype: kristian.liivak > http://www.wavecom.ee > http://www.facebook.com/wavecom.ee > > ----- Original Message ----- > From: "Daan Hoogland" <daan.hoogl...@gmail.com> > To: "users" <us...@cloudstack.apache.org> > Cc: "dev" <dev@cloudstack.apache.org> > Sent: Monday, January 15, 2018 1:49:04 PM > Subject: Re: [DISCUSS] Freezing master for 4.11 > > Kristian, > > > > On Mon, Jan 15, 2018 at 11:49 AM, Kristian Liivak <k...@wavecom.ee> wrote: > >> > > ... > > > > As for this one: > > > Also there is major security hole. When instance is destroyd and expunged > >> > and new instance is created with old IP all old data is unaffected in > VR > >> > New instance will get then old root password and ssh key if they were > >> > present in VR > >> > > I don't see how this is a security issue. The user won't get in and > update the key and password to get in. No harm done or am I overlooking > something? > > > -- > Daan > -- Daan
