The internal URL is used for more than just admin actions, and admin is no
longer a global flag, so this restriction is not suitable.
Duncan Thomas
On Nov 29, 2014 6:08 AM, joehuang joehu...@huawei.com wrote:
Hello,
if an ordinary user sent a get-token request to KeyStone, internalURL and
Hello,
if an ordinary user sent a get-token request to KeyStone, internalURL and
adminURL of endpoints will also be returned. It'll expose the internal high
privilege access address and some internal network topology information to the
ordinary user, and leads to the risk for malicious user to
