My mistake. Didn't read the bug report clearly. So mgmt server would
need to know ahead of time to allow ports considered safe by the admin
so it can program that during SecStorageSetupCommand.
On Wed, Jul 31, 2013 at 04:41:16PM +, Min Chen wrote:
Hi Prasanna,
I think what Tom and
Hi Prasanna,
I think what Tom and I mentioned is the url provided in registering a
template, which is totally different from the endpoint.url for the object
store. I still could not understand your suggestion.
Thanks
-min
On 7/31/13 2:47 AM, Prasanna Santhanam
Just a security measure, AFAIK. Since this is user-provided input, it
causes CloudStack to blindly (CloudStack does not have any blacklists for
example) to contact the supplied server. Presumably if the supplied server
has the standard ports open, it has a WAF to defend itself.
On 7/30/13 10:58
Thanks Ian. I had a look at this file. It's an easy fix to remove the
check from here but it's a general utility function so will also affect
other uris... If there is no reason to limit any uri to those ports then
I'd like to remove this check and open them up.
Interested to hear opinions,
On Tue, Jul 30, 2013 at 03:37:39PM +0900, Thomas O'Dowd wrote:
Thanks Ian. I had a look at this file. It's an easy fix to remove the
check from here but it's a general utility function so will also affect
other uris... If there is no reason to limit any uri to those ports then
I'd like to
Prasanna,
Based on your comment, what will happen if we remove that check and
still
NFS as secondary storage? In that case, register template is still done
through
SSVM. Any side effect? I had the same question as Tom when I was doing
object store refactoring, but hesitated to remove it
I guess what I still don't understand is why restrict urls to certain
ports? If the ports are not open it will cause an error. If the ports
are open it will work (assuming the protocol is implemented on that
port). For example, for register template if I choose a closed port then
give me a
Hi all,
Just curious if there is any reason to limit the ports that we can
download templates from?
https://issues.apache.org/jira/browse/CLOUDSTACK-3219
Tom.
--
Cloudian KK - http://www.cloudian.com/get-started.html
Fancy 100TB of full featured S3 Storage?
Checkout the Cloudian® Community
No idea why this is done, but it has annoyed me in the past too.
The code doing it is in /utils/src/com/cloud/utils/UriUtils.java
specifically line 141.
On 26 July 2013 10:22, Thomas O'Dowd tpod...@cloudian.com wrote:
Hi all,
Just curious if there is any reason to limit the ports that we can