Re: API Key and Signature security flaw on CS4 - jenkins build non-oss 137

2012-10-22 Thread Musayev, Ilya
ture generation is obsolete as well? >> >> -Original Message- >> From: Edison Su [mailto:edison...@citrix.com] >> Sent: Monday, October 22, 2012 4:16 PM >> To: cloudstack-dev@incubator.apache.org >> Subject: RE: API Key and Signature security flaw on CS4 -

Re: API Key and Signature security flaw on CS4 - jenkins build non-oss 137

2012-10-22 Thread Ahmad Emneina
mehow, it's up to you how to >>secure it. >> >>> -Original Message- >>> From: Musayev, Ilya [mailto:imusa...@webmd.net] >>> Sent: Monday, October 22, 2012 1:04 PM >>> To: cloudstack-dev@incubator.apache.org >>> Subject: API Key

Re: API Key and Signature security flaw on CS4 - jenkins build non-oss 137

2012-10-22 Thread Ahmad Emneina
e API Key and Signature generation is obsolete as well? > >-Original Message- >From: Edison Su [mailto:edison...@citrix.com] >Sent: Monday, October 22, 2012 4:16 PM >To: cloudstack-dev@incubator.apache.org >Subject: RE: API Key and Signature security flaw on CS4 - jenkins build &

RE: API Key and Signature security flaw on CS4 - jenkins build non-oss 137

2012-10-22 Thread Musayev, Ilya
tober 22, 2012 1:04 PM > To: cloudstack-dev@incubator.apache.org > Subject: API Key and Signature security flaw on CS4 - jenkins build > non-oss 137 > > I guess I found a not so cool feature/bug which at this moment is a > major security flaw for locally authenticated ssh us

RE: API Key and Signature security flaw on CS4 - jenkins build non-oss 137

2012-10-22 Thread Edison Su
, 2012 1:04 PM > To: cloudstack-dev@incubator.apache.org > Subject: API Key and Signature security flaw on CS4 - jenkins build > non-oss 137 > > I guess I found a not so cool feature/bug which at this moment is a > major security flaw for locally authenticated ssh use or fr

API Key and Signature security flaw on CS4 - jenkins build non-oss 137

2012-10-22 Thread Musayev, Ilya
I guess I found a not so cool feature/bug which at this moment is a major security flaw for locally authenticated ssh use or from another host on the network. The API signature and key are not checked at all - I'm able to run the commands against API port with any key - and command is execu