Re: S3 Object Storage - secret key handling

2013-07-08 Thread John Burwell
Min, +1. In my opinion, masking the secret key will only make debugging and diagnostics more difficult. From a security perspective, CloudStack administrators/operators should be creating a dedicated CloudStack access key/secret key with a read/write ACL only for the bucket used by the system

Re: S3 Object Storage - secret key handling

2013-07-03 Thread Tom O'Dowd
Hi Min, I'm not familiar with all the use cases of CloudStack so let me just ask anyway... If you create another user as an admin can that user see the S3 secret key? If there is any use case where another admin should not see the secret key then I think we should hide it. If not, then I guess its

Re: S3 Object Storage - secret key handling

2013-07-03 Thread Min Chen
Tom, on second thought, I don't think that this is an issue at all. This Infrastructure page UI is only available to the cloud admin, who is the person who set up S3 secondary storage, so he/she already knows the S3 secret key. Hiding or not hiding it will make no difference. This UI will not be visible to

Re: S3 Object Storage - secret key handling

2013-07-03 Thread Min Chen
Thanks Tom for reporting this. Jessica, can you take a look at this bug to hide it from the UI, in a similar manner as we handle the password field?

-min

On 7/2/13 11:51 PM, "Thomas O'Dowd" wrote:

>Hi guys,
>
>I created a bug regarding the handling of the S3 secret key information.
>My opinion is tha

S3 Object Storage - secret key handling

2013-07-02 Thread Thomas O'Dowd
Hi guys, I created a bug regarding the handling of the S3 secret key information. My opinion is that it should be treated more carefully like a password and not displayed in the UI at least. https://issues.apache.org/jira/browse/CLOUDSTACK-3342 Tom. -- Cloudian KK - http://www.cloudian.com/