[ https://issues.apache.org/jira/browse/CLOUDSTACK-3342?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Thomas O'Dowd closed CLOUDSTACK-3342. ------------------------------------- Sounds good. Closing. > Object_Store_Refactor - S3 "Secret Key" must not be visible in the UI after > S3 Object store creation. > ----------------------------------------------------------------------------------------------------- > > Key: CLOUDSTACK-3342 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-3342 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Components: UI > Affects Versions: 4.2.0 > Reporter: Thomas O'Dowd > Assignee: Min Chen > Labels: s3, security > > 1. Login to a freshly deployed devcloud server. > 2. Click Infrastructure > 3. Click secondary Storage > 4. Remove NFS > 5. Add new S3 Secondary Storage (anything will do for this bug as its a > display bug) > 6. Re-visit secondary storage and click on the S3 storage you created. > Expectation: > You can NOT see the "secret key". > Actual: > You can see all the details of the S3 object store including the "secret key". > The secret key is like a password. Anyone knowing the secret key can > upload/delete etc from the S3 store. It should not be available easily in my > opinion. I guess its easily available in the database anyway but lets keep it > out of the browser after its been input. It can be displayed using ***. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira