I think Hemanth has a good idea about calling out the rate-limiting as a mitigation, not a solution. Maybe something like this:
### Recommended Actions ### <-- add new sentences at the end of the first paragraph
For all versions of Glance that expose either the v1 or v2/images API,
operators are recommended to deploy external rate-limiting proxies or web
application firewalls, to provide a front layer of protection to Glance.
The Glance database should be monitored for abnormal growth. Although
rate-limiting does not eliminate this attack vector, it will slow it to
the point where you can react prior to a denial of service occurring.
#### Limit `add_image` to admin role #### <-- change last sentence
Another possible mitigation is to restrict image creation to the admin role;
however, this should only be done for those cases in which there are Glance
nodes dedicated to end-user access only. Restriction to admin only on Glance
nodes that serve OpenStack services will, for example, remove the ability to
create snapshots from the Compute API or to create bootable volumes from
Cinder.
Otherwise, looks good to me!
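An added example of the "monitor the Glance database for abnormal growth" check the draft recommends (this is illustrative code written for this thread, not part of Glance or of the comment above): it counts image records created per owner inside a look-back window and returns the owners above a threshold. It assumes a table named `images` with Glance's `owner`, `status` and `created_at` columns; the rows, the `tenant-*` names and the threshold are constructed for the demo.

```python
import sqlite3
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # look-back period for the growth check
THRESHOLD = 50                   # images per owner per window; constructed value, tune per deployment
SAMPLE_NOW = datetime(2015, 1, 1, 12, 0, 0)  # "current time" for the constructed sample
TS = "%Y-%m-%d %H:%M:%S"         # ISO-like format so string comparison orders correctly


def build_sample_db() -> sqlite3.Connection:
    """Constructed stand-in for the Glance `images` table (real column names,
    fabricated rows): one quiet tenant and one tenant creating images in a burst."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE images (id TEXT, owner TEXT, status TEXT, created_at TEXT)")
    rows = []
    # quiet tenant: 3 images spread over the last 40 minutes
    for i in range(3):
        rows.append((f"quiet-{i}", "tenant-quiet", "active",
                     (SAMPLE_NOW - timedelta(minutes=20 * i)).strftime(TS)))
    # bursting tenant: 120 image records in the last 4 minutes (the pattern
    # an unthrottled image-creation loop would leave behind)
    for i in range(120):
        rows.append((f"burst-{i}", "tenant-burst", "queued",
                     (SAMPLE_NOW - timedelta(seconds=2 * i)).strftime(TS)))
    conn.executemany("INSERT INTO images VALUES (?, ?, ?, ?)", rows)
    return conn


def owners_over_threshold(conn, now, window=WINDOW, threshold=THRESHOLD):
    """Return {owner: count} for every owner whose number of image records
    created inside [now - window, now] exceeds the threshold."""
    since = (now - window).strftime(TS)
    cur = conn.execute(
        "SELECT owner, COUNT(*) AS n FROM images WHERE created_at >= ? "
        "GROUP BY owner HAVING n > ? ORDER BY n DESC",
        (since, threshold),
    )
    return dict(cur.fetchall())


if __name__ == "__main__":
    db = build_sample_db()
    for owner, n in owners_over_threshold(db, SAMPLE_NOW).items():
        print(f"ALERT: {owner} created {n} images in the last {WINDOW}")
```

Against a real deployment the same query runs against the Glance database connection instead of the in-memory sample, and the alert hooks into whatever monitoring the operator already uses.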