On Wed, Jul 03, 2013 at 03:51:39PM +0900, Thomas O'Dowd wrote: > Hi guys, > > I created a bug regarding the handling of the S3 secret key information. > My opinion is that it should be treated more carefully like a password > and not displayed in the UI at least. > > https://issues.apache.org/jira/browse/CLOUDSTACK-3342 >
Had a related question filed in CLOUDSTACK-3323 by Sanjeev - The bucket permissions when a store is added by the admin to cloudstack needs to be set to something specific? Or will all objects put into the store have public read access? Is this something to be documented prior to setting up objectstore? AWS supports rich ACLs on its object store. So do other object store solutions [1] In relation to this - I want to understand the HTTP download link exposed when I click on download image (volume/template/iso). The link has the access key in its url path. Is this okay in terms of security? [1] http://aws.amazon.com/articles/5050/ -- Prasanna.,
