On 19/02/14 17:10, Ladislav Smola wrote:
Hello,
I would like to have your opinion about how to deal with passwords in
Tuskar-API
The background is, that tuskarAPI is storing heat template parameters in
its database, it's a
preparation for more complex workflows, when we will need to store the
data before the actual
heat stack-create.
So right now, the state is unacceptable, we are storing sensitive
data(all the heat passwords and keys)
in a raw form in the TuskarAPI database. That is wrong right?
I agree, this situation needs to change.
I'm +1 for not storing the passwords if we can avoid it. This would
apply to all situations and not just Tuskar.
The question for me, is what passwords will we have and when do we need
them? Are any of the passwords required long term.
If we do need to store passwords it becomes a somewhat thorny issue, how
does Tuskar know what a password is? If this is flagged up by the
UI/client then we are relying on the user to tell us which isn't wise.
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
