On 2016-01-11 11:37:09 +0100 (+0100), Levin wrote:
> I installed openstack via devstack recently, and I found out that the
> admin passwords for services like cinder and nova are stored in plain
> text in their /etc/*/*.conf files. These files are rw--r--r-- by
> default, which I believe to be a pretty serious security risk. Is this
> intended, and/or configurable pre-install?

While I don't have a real answer (I'll leave that to the DevStack
maintainers and QA team), please be aware that DevStack is a
development/testing tool which should not be used in production and
should not be trusted to host any security-sensitive systems or data.
The OpenStack Vulnerability Management Team expressly do not accept
vulnerability reports about DevStack nor do they issue security
advisories about it. You should operate it with expectations that it's
insecure, and that it will also probably destroy any system on which it
runs.
-- 
Jeremy Stanley
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
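
Added example, not part of the original thread and not DevStack code: a Python check for the condition described in the quoted question, that is, *.conf files readable by "other" that hold a non-empty password or secret option. The option-name pattern, the function names and the 0600 target mode are assumptions made for this example.

```python
import os
import re
import stat
import sys

# Assumed heuristic: option names containing "password" or "secret"
# with a non-empty value. Commented-out lines never match.
SECRET_KEY = re.compile(
    r"^\s*([A-Za-z0-9_]*(?:password|secret)[A-Za-z0-9_]*)\s*=\s*\S", re.I)


def audit_conf_tree(root):
    """Return sorted [(path, mode_string, [option names])] for regular
    *.conf files under root that are world-readable and hold a secret."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".conf"):
                continue
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks and special files
            if not st.st_mode & stat.S_IROTH:
                continue  # not readable by "other"
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    keys = [m.group(1) for m in map(SECRET_KEY.match, fh) if m]
            except OSError:
                continue  # unreadable by the auditing user
            if keys:
                # Report option names only, never the secret values.
                findings.append((path, stat.filemode(st.st_mode), keys))
    return sorted(findings)


def tighten(path):
    """Set mode 0600. Assumes the service account owns the file."""
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)


if __name__ == "__main__":
    for path, mode, keys in audit_conf_tree(sys.argv[1] if len(sys.argv) > 1 else "/etc"):
        print(f"{mode} {path}: {', '.join(keys)}")
```

If a service runs under a different account than the file's owner, a group-readable mode with a dedicated group is the alternative to 0600.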
