My mistake. Didn't read the bug report clearly. So mgmt server would
need to know ahead of time to allow ports considered safe by the admin
so it can program that during SecStorageSetupCommand.
On Wed, Jul 31, 2013 at 04:41:16PM +, Min Chen wrote:
> Hi Prasanna,
>
> I think what Tom an
Just a security measure, AFAIK. Since this is user-provided input, it
causes CloudStack to blindly (CloudStack does not have any blacklists for
example) to contact the supplied server. Presumably if the supplied server
has the standard ports open, it has a WAF to defend itself.
On 7/30/13 10:58 P
Hi Prasanna,
I think what Tom and I mentioned is the url provided in registering a
template, which is totally different from the endpoint.url for the object
store. I still could not understand your suggestion.
Thanks
-min
On 7/31/13 2:47 AM, "Prasanna Santhanam" wrote:
What can be done is to include into validateUrl the port provided in
the endpoint.url from addImageStore API . That will satisfy both
objectstore and NFS based storage. The unorthodox port that comes from
object store will anyway be closed on the SSVM so it will return a
connection-refused.
Would
I guess what I still don't understand is why restrict urls to certain
ports? If the ports are not open it will cause an error. If the ports
are open it will work (assuming the protocol is implemented on that
port). For example, for register template if I choose a closed port then
give me a connecti
Prasanna,
Based on your comment, what will happen if we remove that check and
still
NFS as secondary storage? In that case, register template is still done
through
SSVM. Any side effect? I had the same question as Tom when I was doing
object store refactoring, but hesitated to remove it be
On Tue, Jul 30, 2013 at 03:37:39PM +0900, Thomas O'Dowd wrote:
> Thanks Ian. I had a look at this file. It's an easy fix to remove the
> check from here but it's a general utility function so will also affect
> other uris... If there is no reason to limit any uri to those ports then
> I'd like to r
Thanks Ian. I had a look at this file. It's an easy fix to remove the
check from here but it's a general utility function so will also affect
other uris... If there is no reason to limit any uri to those ports then
I'd like to remove this check and open them up.
Interested to hear opinions,
Tom.
No idea why this is done, but it has annoyed me in the past too.
The code doing it is in /utils/src/com/cloud/utils/UriUtils.java
specifically line 141.
On 26 July 2013 10:22, Thomas O'Dowd wrote:
> Hi all,
>
> Just curious if there is any reason to limit the ports that we can
> download templat
Hi all,
Just curious if there is any reason to limit the ports that we can
download templates from?
https://issues.apache.org/jira/browse/CLOUDSTACK-3219
Tom.
--
Cloudian KK - http://www.cloudian.com/get-started.html
Fancy 100TB of full featured S3 Storage?
Checkout the Cloudian® Community Edit
10 matches
Mail list logo
