I've had such discussions before and I've tried to fix this but could
justify properly as there could be other layers who may want to directly
exploit CloudStack's APIs for example a business/billing/management layer.
I think for security's sake among many ways -- move this behaviour out as a
plugi
On Wed, Sep 04, 2013 at 08:21:10PM +0200, Ove Ewerlid wrote:
> On 09/04/2013 08:03 PM, Darren Shepherd wrote:
> >On 09/04/2013 10:52 AM, Mathias Mullins wrote:
> >>Hi Darren,
> >>
> >>It's a very commonly used port for many installations that want an
> >>unauthenticated API access, especially from
On 09/04/2013 11:04 AM, Marcus Sorensen wrote:
It's not default, and it is nice to have. Users have to set the
integration port to enabled.
Ah thats good to know. That makes me feel a little better.
Darren
On 09/04/2013 08:03 PM, Darren Shepherd wrote:
On 09/04/2013 10:52 AM, Mathias Mullins wrote:
Hi Darren,
It's a very commonly used port for many installations that want an
unauthenticated API access, especially from other tools and systems. I
think getting rid of this would be really bad idea.
It's not default, and it is nice to have. Users have to set the
integration port to enabled.
On Wed, Sep 4, 2013 at 12:03 PM, Darren Shepherd
wrote:
> On 09/04/2013 10:52 AM, Mathias Mullins wrote:
>>
>> Hi Darren,
>>
>> It's a very commonly used port for many installations that want an
>> unauth
On 09/04/2013 10:52 AM, Mathias Mullins wrote:
Hi Darren,
It's a very commonly used port for many installations that want an
unauthenticated API access, especially from other tools and systems. I
think getting rid of this would be really bad idea.
Sigh, I just hate the "totally insecure by de
Wednesday, September 04, 2013 1:52 PM
> To: dev@cloudstack.apache.org
> Subject: Re: why do we need 8096?
>
> Hi Darren,
>
> It's a very commonly used port for many installations that want an
> unauthenticated API access, especially from other tools and systems. I think
> g
Hi Darren,
It's a very commonly used port for many installations that want an
unauthenticated API access, especially from other tools and systems. I
think getting rid of this would be really bad idea.
Matt
On 9/4/13 1:49 PM, "Darren Shepherd" wrote:
>Why do we need an unauthenticated backdoo
Why do we need an unauthenticated backdoor? Is there any chance we can
just get rid of that entry point to CloudStack?
Darren