On 20/02/14 09:12, Radomir Dopieralski wrote:
If we do need to store passwords it becomes a somewhat thorny issue, how
does Tuskar know what a password is? If this is flagged up by the
UI/client then we are relying on the user to tell us which isn't wise.
All the template parameters that are passwords are marked in the Heat
parameter list that we get from it as "NoEcho": "true", so we do have an
idea about which parts are sensitive.
Right, that's good to know. I think Ladislav mentioned this to me but
it didn't click. If we do store passwords however, I wonder if we are
best to encrypt everything to be safe. The overhead shouldn't be that
big and it may be better than special casing the "NoEcho" values.
_______________________________________________
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
