On 08/10/15 at 03:59pm, Tony Breeds wrote:
Hi All,
Nova has bug: https://bugs.launchpad.net/nova/+bug/1447679 (service No-VNC
(port 6080) doesn't require authentication).
Which explains that if you know the 'token'[1] associated with an instances
console you can get access to said console
On Mon, Aug 10, 2015 at 01:34:03PM -0400, Andrew Laski wrote:
I'm only one data point, but we have a short TTL on tokens so it is not
something that our users could reasonably due. And the Nova default TTL is
10 minutes, which is also out of bookmarking range IMO.
So that's a good point. If
Hi All,
Nova has bug: https://bugs.launchpad.net/nova/+bug/1447679 (service No-VNC
(port 6080) doesn't require authentication).
Which explains that if you know the 'token'[1] associated with an instances
console you can get access to said console without otherwise proving that you
should be