** Changed in: eucalyptus
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/480783
Title:
Eucalyptus does not allow api connection over https
To manage noti
** Branch linked: lp:ubuntu/eucalyptus
--
Eucalyptus does not allow api connection over https
https://bugs.launchpad.net/bugs/480783
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.co
This bug was fixed in the package eucalyptus - 1.6.1~bzr1083-0ubuntu1
---
eucalyptus (1.6.1~bzr1083-0ubuntu1) lucid; urgency=low
[ Dustin Kirkland ]
* Merge upstream bzr revision 1082; the following bugs have been fixed
upstream since the last merge:
- LP: #378969 - privat
** Branch linked: lp:~ubuntu-core-dev/eucalyptus/ubuntu
--
Eucalyptus does not allow api connection over https
https://bugs.launchpad.net/bugs/480783
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bug
** Changed in: eucalyptus (Ubuntu)
Status: Incomplete => In Progress
** Changed in: eucalyptus (Ubuntu)
Assignee: (unassigned) => Dustin Kirkland (kirkland)
--
Eucalyptus does not allow api connection over https
https://bugs.launchpad.net/bugs/480783
You received this bug notificatio
revno: 1070 [merge]
committer: decker
branch nick: 1.6
timestamp: Tue 2009-11-17 08:45:59 -0800
message:
enables the StartTLS-like SSL support on port 8773 and includes the
trustStore needed by java clients in the euca2-credentials.zi
Soren: to me the privacy angle is just as important as the security angle.
Being unable to replay attacks is great, but leaking information unnecessarily
is still sub-optimal.
It sounds like the right things are happening upstream though, thanks!
--
Eucalyptus does not allow api connection over
Support for SSL is already in the code as of 1.6.1. The blocker to
including it in the original release was client support (as Neil
mentioned). This is on the agenda and will be addressed shortly.
c
** Changed in: eucalyptus
Assignee: (unassigned) => chris grzegorczyk (chris-grze)
** Chan
On Mon, Nov 16, 2009 at 05:27:37PM -, Neil Soman wrote:
> This assertion is incorrect. The secret is never sent in the clear. A
> replay attack is possible and its gravity will depend on the specific
> operation that is replayed.
The hash computed by the client includes a time stamp and a time
"As they carry QueryID/SecretKey in clear, anyone that can sniff the
network can gain admin privileges on eucalyptus."
This assertion is incorrect. The secret is never sent in the clear. A
replay attack is possible and its gravity will depend on the specific
operation that is replayed.
Chris Jone
It is a security issue, but does not need to be private. Changing that
now...
** Visibility changed to: Public
--
Eucalyptus does not allow api connection over https
https://bugs.launchpad.net/bugs/480783
You received this bug notification because you are a member of Ubuntu
Bugs, which is subsc
11 matches
Mail list logo