| *** lyrrad has quit IRC | 00:25 | |
| *** Sashimi has quit IRC | 00:26 | |
| *** openstackgerrit has quit IRC | 03:11 | |
| *** openstackgerrit has joined #swift3 | 03:12 | |
| openstackgerrit | Kota Tsuyuzaki proposed openstack/swift3: Deny all access to controller instance method https://review.openstack.org/329265 | 04:52 |
|---|---|---|
| kota_ | timburke: here? | 04:53 |
| kota_ | If you have a time, I hope you could take a time to review https://review.openstack.org/329265 as soon as possible. | 04:54 |
| timburke | hi kota_! yes, but probably not for very long | 04:54 |
| kota_ | I don't think it's a significant security issue but | 04:54 |
| kota_ | it could be a risk of any verb attack for all s3 controller requests. | 04:54 |
| timburke | ah, good call. indeed. will make sure it's reviewed quickly | 04:55 |
| kota_ | timburke: thanks | 04:55 |
| kota_ | the reason it exists is why current swift3 checks only existence of each verbs (like GET, PUT) and nothing denied if *it exists* | 04:56 |
| kota_ | I noticed that when reading the conversation between jilichli and notmyname for encryption reviews in this morning :) | 04:57 |
| kota_ | decrypter seems to have same issue and I'm feeling swift3 too! | 04:57 |
| timburke | yeah, i saw that convo too. i might need to audit some swiftstack middleware now... | 05:05 |
| kota_ | ok, thanks. | 05:10 |
| kota_ | wooo, handling AttributeError seems worse? :P Since continuing to read the rest of conversations.... | 05:20 |
| *** Sashimi has joined #swift3 | 06:47 | |
| *** openstackgerrit has quit IRC | 06:48 | |
| *** openstackgerrit has joined #swift3 | 06:49 | |
| *** Sashimi has quit IRC | 07:07 | |
| *** acoles_ is now known as acoles | 08:58 | |
| *** Shashikant86 has joined #swift3 | 08:59 | |
| *** Shashikant86 has quit IRC | 09:24 | |
| *** Shashikant86 has joined #swift3 | 09:32 | |
| *** Shashikant86 has quit IRC | 10:42 | |
| *** Shashikant86 has joined #swift3 | 11:05 | |
| *** Shashikant86 has quit IRC | 11:35 | |
| *** Shashikant86 has joined #swift3 | 11:55 | |
| *** Shashikant86 has quit IRC | 13:32 | |
| *** Sashimi has joined #swift3 | 13:32 | |
| *** Shashikant86 has joined #swift3 | 13:34 | |
| *** Sashimi has quit IRC | 13:45 | |
| *** Sashimi has joined #swift3 | 13:51 | |
| *** Shashikant86 has quit IRC | 13:54 | |
| *** bill_az has joined #swift3 | 14:22 | |
| *** Shashikant86 has joined #swift3 | 14:25 | |
| *** bill_az has quit IRC | 14:54 | |
| *** Shashikant86 has quit IRC | 15:58 | |
| *** lyrrad has joined #swift3 | 16:22 | |
| *** acoles is now known as acoles_ | 18:10 | |
| *** Sashimi has quit IRC | 19:13 | |
| *** openstack has joined #swift3 | 22:28 | |
| *** Sashimi has joined #swift3 | 22:44 | |
Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!