Hi Min, I'm not familiar with all the use cases of Cloudstack so let me just ask anyway... If you create another user as an admin can that user see the S3 secret key? Is there is any use case where another admin should not see the secret key then I think we should hide it. If not, then I guess its ok to leave it.
Tom. On Thu, Jul 4, 2013 at 10:09 AM, Min Chen <min.c...@citrix.com> wrote: > Tom, on second thought, I don't think that this is an issue at all. This > Infrastructure page UI is only available to cloud admin, who is the person > who set up S3 secondary storage, so he/she already knows S3 secret key. > Hiding or not hiding it will make no difference. This UI will not be > visible to end users, so should not expose security issue. > > Thanks > -min > > On 7/2/13 11:51 PM, "Thomas O'Dowd" <tpod...@cloudian.com> wrote: > > >Hi guys, > > > >I created a bug regarding the handling of the S3 secret key information. > >My opinion is that it should be treated more carefully like a password > >and not displayed in the UI at least. > > > > https://issues.apache.org/jira/browse/CLOUDSTACK-3342 > > > >Tom. > >-- > >Cloudian KK - http://www.cloudian.com/get-started.html > >Fancy 100TB of full featured S3 Storage? > >Checkout the Cloudian® Community Edition! > > > >
