Just trying to understand our existing integration
I found
http://docs.openstack.org/juno/config-reference/content/introduction-to-xen.html
which discusses how OpenStack uses XAPI plugins. Do we have a similar
document describing the integration of CloudStack with Xen via SSH?
Don't we
Are there any plans to disable SSLv3 in favor of TLS in CloudStack?
There are many places where SSLv3 is still enabled: the web servers, various
plugins, etc.
What about changing the system VM random passwords to use
generateRandomPassword() instead of generatePresharedKey()? Seems like it
should be the same function.
-Original Message-
From: Ian Duffy [mailto:i...@ianduffy.ie]
Sent: Friday, October 24, 2014 6:00 PM
To: CloudStack Dev
Subjec
It doesn't seem that OpenSwan is very actively maintained if there is an issue
with the OS X client. Is there another IPsec VPN we could use instead
(strongSwan, Libreswan, etc.)?
-Original Message-
From: Harikrishna Patnala [mailto:nore...@reviews.apache.org] On Behalf Of
Harikrishna
Actually, I am not sure. Only the env.cgi script is loaded and, while the
other scripts are in perl, there is nothing in the video which shows the source
for the env.cgi script so it may not be perl.
-Original Message-
From: Demetrius Tsitrelis [mailto:demetrius.tsitre...@citrix.com
Interestingly this video shows attack against a perl script...
https://www.youtube.com/watch?v=ArEOVHQu9nk
-Original Message-
From: Demetrius Tsitrelis [mailto:demetrius.tsitre...@citrix.com]
Sent: Monday, September 29, 2014 6:13 PM
To:
Subject: RE: Shellshock
http://systemvm-public
trius,
Which date of SystemVM are you using now?
And please share the result of "ls -al /bin/sh" on your System VM.
from my iPhone
2014/10/01 3:42, Demetrius Tsitrelis wrote:
> When I do "echo $SHELL" on the Virtual Router instance I see "/bin/bash".
>
>
calc included system() function call, but our Debian-based system VMs are
using dash as the system shell. So I think the system VM cgi-bin is not
directly affected by this Shellshock concern, right?
GO
from my iPhone
2014/09/30 10:13, Demetrius Tsitrelis wrote:
> http://systemvm-public-ip/cgi-bin/
ot be exploited.
--Sheng
On Fri, Sep 26, 2014 at 1:57 PM, Demetrius Tsitrelis <
demetrius.tsitre...@citrix.com> wrote:
> Do you mean you tried setting the USER_AGENT like in
> https://community.qualys.com/blogs/securitylabs/2014/09/25/qualysguard
> -remote-detection
Do you mean you tried setting the USER_AGENT like in
https://community.qualys.com/blogs/securitylabs/2014/09/25/qualysguard-remote-detection-for-bash-shellshock?
-Original Message-
From: Ian Duffy [mailto:i...@ianduffy.ie]
Sent: Friday, September 26, 2014 6:56 AM
To: CloudStack Dev
Subj
ou’re trying to do with it?
>
> On 24-Sep-2014, at 8:10 pm, Demetrius Tsitrelis <
> demetrius.tsitre...@citrix.com> wrote:
> > OWASP has some security-related modules which would be great to
> incorporate into CloudStack:
> >
> > https://www.owasp.org/index.php/OW
OWASP has some security-related modules which would be great to incorporate
into CloudStack:
https://www.owasp.org/index.php/OWASP_Java_Encoder_Project
https://www.owasp.org/index.php/OWASP_JSON_Sanitizer
These are BSD licensed. What is the process for bundling them into CloudStack?
Legal re
What about using POST via AJAX instead of using implied GET in the link?
-Original Message-
From: Giri Prasad [mailto:g_p...@yahoo.com.INVALID]
Sent: Friday, September 05, 2014 4:47 AM
To: dev@cloudstack.apache.org; us...@cloudstack.apache.org
Subject: Re: API calls and keys
I have imple
assword
change' protocol at the moment. It is assumed that user provisioning and user
lifecycle is best left to a different system.
From: Demetrius Tsitrelis
mailto:demetrius.tsitre...@citrix.com>>
Reply-To: "dev@cloudstack.apache.org<mailto:dev@cloudstack.apache.org>"
For legacy reasons the MD5 and plaintext plugins are included in the list of
authenticators. If a company has been using CloudStack for a while they may
want to move all their users to a stronger plugin such as SHA256SALTED (which
is now the default).
Is there a mechanism to do that? It doesn'
Congratz!
-Original Message-
From: Rajani Karuturi [mailto:rajani.karut...@citrix.com]
Sent: Tuesday, July 22, 2014 1:53 AM
To: dev@cloudstack.apache.org
Subject: Re: [ANNOUNCE] Rajani Karuturi as committer
Thanks everyone !!
~Rajani
On 22-Jul-2014, at 2:15 pm, Sanjeev Neelarapu
wr
POSAL] Adding a plugin to check the password strength of all
users
Will show the strength of the password as well.
On 18-Jul-2014, at 6:53 pm, Demetrius Tsitrelis
wrote:
> Will the plugin merely show the strength of the password or will the plugin
> prevent the use of wea
Will the plugin merely show the strength of the password or will the plugin
prevent the use of weak passwords?
From: Damoder Reddy [damoder.re...@citrix.com]
Sent: Thursday, July 17, 2014 11:02 PM
To: dev@cloudstack.apache.org
Subject: [PROPOSAL] Adding a
rsday, July 03, 2014 11:05 AM
To:
Subject: Re: createTemplate API lacks sshkeyenabled?
Yes Demetrius, please raise a bug at https://issues.apache.org/jira
-Harikrishna
On 03-Jul-2014, at 12:52 am, Demetrius Tsitrelis
wrote:
> OK, should I raise a bug to remove the parameter (at least
> On June 24, 2014, 11:10 p.m., Demetrius Tsitrelis wrote:
> > The only change I can see regarding "SSL enabling" is to the getProperty()
> > method for the default value. It looks like that change to null wouldn't
> > matter as the constructor for Clou
> On July 6, 2014, 8:45 a.m., Demetrius Tsitrelis wrote:
> > Another concern is that the new code is using EasySSLProtocolSocketFactory.
> > Why change CloudStack to automatically accept self-signed certificates
> > here?
>
> Dmitry Batkovich wrote:
> Mm,
?
- Demetrius Tsitrelis
On May 27, 2014, 8:04 p.m., Dmitry Batkovich wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache
EasySSLProtocolSocketFactory.
Why change CloudStack to automatically accept self-signed certificates here?
- Demetrius Tsitrelis
On May 27, 2014, 8:04 p.m., Dmitry Batkovich wrote:
>
> ---
> This is an automatically generated e-mail. To reply, visit
On 02-Jul-2014, at 4:45 am, Demetrius Tsitrelis
wrote:
> I see - thanks. But what if I created a VM from an .ISO? It still seems
> that I have to use createTemplate to make a template which CloudStack could
> use, but that API will not let me tell CloudStack that my new VM is run
m the source template of the VM.
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
- Original Message -
> From: "Demetrius Tsitrelis"
> To: dev@cloudstack.apache.org
> Sent: Tuesday, 1 July, 2014 10:48:11 PM
> Subject: RE: createTemplate API l
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
- Original Message -
> From: "Demetrius Tsitrelis"
> To: dev@cloudstack.apache.org
> Sent: Tuesday, 1 July, 2014 9:24:55 PM
> Subject: RE: createTemplate API lacks sshkeyenabled?
>
> Thanks,
example, on instance Wizard, create/register/delete ssh key, resetsshkey
for vm, register template, etc.
I have implemented some of them on 4.2; it needs to be changed for
4.3/4.4/master
-Wei
2014-07-01 22:06 GMT+02:00 Demetrius Tsitrelis <
demetrius.tsitre...@citrix.com>:
> registerTem
registerTemplate has both the passwordenabled and sshkeyenabled parameters.
So why doesn't createTemplate have both? Reference:
http://cloudstack.apache.org/docs/api/apidocs-4.3/root_admin/createTemplate.html
is to the getProperty()
method for the default value. It looks like that change to null wouldn't
matter as the constructor for CloudStackApi() would just reassign 8080?
- Demetrius Tsitrelis
On May 27, 2014, 8:04 p.m., Dmitry
I see that DevCloud was available for 4.2 and then DevCloud 2.0 was available
for 4.3 so does that mean that there will be a DevCloud 3.0 for 4.4?
ecure/Dashboard.jspa?selectPageId=12323265
On Wed, May 21, 2014 at 11:34 PM, Demetrius Tsitrelis
wrote:
> In the "Features" section of the CloudStack 4.4 Release (Draft) page
> (https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=39623192)
> is a filter for a prev
In the "Features" section of the CloudStack 4.4 Release (Draft) page
(https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=39623192) is
a filter for a previous version of features
(https://issues.apache.org/jira/sr/jira.issueviews:searchrequest-xml/12323168/SearchRequest-12323168.xml
Thanks. I created a page for 5.0.
-Original Message-
From: Daan Hoogland [mailto:daan.hoogl...@gmail.com]
Sent: Wednesday, May 14, 2014 12:28 AM
To: dev
Subject: Re: Where is appropriate place to begin discussion for 5.0 API
discussion?
On Tue, May 13, 2014 at 6:55 PM, Demetrius
, 2014 at 7:48 PM, Demetrius Tsitrelis
wrote:
> When I log into cwiki I don't see an option to add (or even edit) a page. Do
> I need additional permissions?
>
> -Original Message-
> From: Daan Hoogland [mailto:daan.hoogl...@gmail.com]
> Sent: Sunday, May 11,
, May 9, 2014 at 10:33 PM, Demetrius Tsitrelis
wrote:
> I know that any breaking API changes have to wait until the next major
> version of the project and I don't see any sections on the Wiki about ideas
> for the 5.x version.
>
--
Daan
I know that any breaking API changes have to wait until the next major version
of the project and I don't see any sections on the Wiki about ideas for the 5.x
version.
It has not been open sourced.
-Original Message-
From: Ryan Shafer [mailto:ryan.sha...@ecommerce.com]
Sent: Wednesday, April 23, 2014 7:45 AM
To: dev@cloudstack.apache.org
Subject: Source Code for Windows Password Manager
I have been looking through the cloudstack source code and I canno
will try with https now.
Just for information, why did they change this from MD5 to plain text?
Regards,
Tejas
On Thu, Apr 17, 2014 at 1:03 AM, Demetrius Tsitrelis <
demetrius.tsitre...@citrix.com> wrote:
> There is already an open bug
> (https://issues.apache.org/jira/browse/CLO
This property is used to dynamically insert HTML into the UI. Unfortunately,
it is easily abused because it accepts input such as
[mailto:run...@gmail.com]
Sent: Wednesday, April 16, 2014 12:16 PM
To: dev@cloudstack.apache.org
Subject: Re: login API with MD5 is not working
On Apr 16, 2014, at 12:56 PM, Demetrius Tsitrelis
wrote:
> One problem is that the API documentation
> (https://cloudstack.apache.org/docs/api/apido
One problem is that the API documentation
(https://cloudstack.apache.org/docs/api/apidocs-4.3/root_admin/login.html)
still says that the password should be hashed. The docs are out of date; send
the password in plain text.
And - think about security. DON'T use HTTP GET or the query parameters
isting api method signatures
(adding/removing parameters).
Regards
Alex Hitchins
D: +44 1892 523 587 | S: +44 2036 030 540 | M: +44 7788 423 969
alex.hitch...@shapeblue.com
-Original Message-
From: Demetrius Tsitrelis [mailto:demetrius.tsitre...@citrix.com]
Sent: 29 March 2
I'd like to propose a few changes. Some adding a parameter to an existing API
and some adding a new API altogether. Is there a document describing ASF or
ACS policies for doing so?
Sent from my Windows Phone
CloudStack does not enforce complexity rules for user passwords even in its
built-in user database. For some accounts in particular, such as the root
domain admin, it would seem a good idea to have some minimum requirements.
Empty passwords, for example, should not be allowed. What do you thi
nteraction is not high bandwidth
nor latency sensitive, so it shouldn't matter.
When it is the server, I guess we could set it, but again, nobody has
complained.
On 1/9/14 10:58 AM, "Demetrius Tsitrelis" wrote:
>In CloudStack's various uses of SSL, I never see tha
In CloudStack's various uses of SSL, I never see that we disable Nagle. Isn't
this a performance killer?
It might also be good to be able to globally specify other characteristics of
the SSL/TLS configuration - for example, the list of supported ciphers.
-Original Message-
From: Demetrius Tsitrelis [mailto:demetrius.tsitre...@citrix.com]
Sent: Tuesday, December 24, 2013 10:11 AM
To: dev
CS
Why not set it to the highest secure protocol level always?
On 12/20/13 12:56 PM, "Demetrius Tsitrelis" wrote:
>
>
>I was looking at the SSL code in CloudStack and noticed that there are
>about a dozen calls to the
>SSLContext.getInstance() method. Some of the
I was looking at the SSL code in CloudStack and noticed that there are about a
dozen calls to the SSLContext.getInstance() method. Some of them use the "SSL"
protocol while others use "TLS" or "TLSv1". So I'm wondering if it makes sense
to expose a configuration setting which specifies an o
There is code in the DownloadManagerImpl.configure() method indicating that SSL
certs other than for realhostip.com are not supported. I have created a bug
for this: https://issues.apache.org/jira/browse/CLOUDSTACK-5386
-Original Message-
From: Wei ZHOU [mailto:ustcweiz...@gmail.com]
S
In CloudStack, it seems that one can login via three methods:
1) Connect to the API endpoint and use a login command with a user name and
password.
2) Connect to the API endpoint and use a login command with a user name and a
signature based upon the "security.singlesignon.key" global setting.
3)
at 4:39 PM, Demetrius Tsitrelis
wrote:
> Do you still think there needs to be a bug filed for the missing APIs?
>
> -Original Message-
> From: Animesh Chaturvedi [mailto:animesh.chaturv...@citrix.com]
> Sent: Thursday, October 17, 2013 1:21 PM
> To: dev@cloudstack.a
-DskipTests), doesn't include the commands
> > mentioned by Demetrius. Looks like some regression bug in
> > ApiXmlDocWriter - it used to include all the commands in 3.0.x
> > version of the code.
> >
> > -Alena.
> >
> > From: Demetrius Tsit
I grep’ed the source code and came up with a list of the
APIs which the UI uses. That list is at the end of this message.
You can see that many of them (addNetscalerLoadBalancer, addVmwareDc, etc.) are
not in the generated API documentation which appears at
http://cloudstack.apache.org/docs/ap
The admin and install guides recommend pulling files from SourceForge.
Specifically:
SSH Key Gen script:
http://downloads.sourceforge.net/project/cloudstack/SSH%20Key%20Gen%20Script/cloud-set-guest-sshkey.in?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fcloudstack%2Ffiles%2FSSH%2520Key%2520Gen
---
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/13252/#review24759
---
Ship it!
Ship It!
- Demetrius Tsitrelis
On Aug. 6, 2013, 9:59
Password, hashedPassword) && realUser;
This way authentication will take the same amount of time regardless of whether
the user exists, thus mitigating the timing attack.
- Demetrius Tsitrelis
On Aug. 6, 2013, 9:51 p.m., Amo
60 matches