357b12dc2b
The determination of the client IP looked at the X-Cluster-Client-Ip and X-Forwarded-For headers in the incoming HTTP request. This is trivially spoofable by a malicious client, so there's no security gained by having the check there. Worse, having the check there provides a false sense of security to cluster operators. It sounds like it's based on the client IP, so an attacker would have to do IP spoofing to defeat it. However, it's really just a shared secret, and there's already a secret key set up. Basically, it looks like 2-factor auth (IP+key), but it's really 1-factor (key). Now, the one case where this might provide some security is where the Swift cluster is behind an external load balancer that strips off the X-Cluster-Client-Ip and X-Forwarded-For headers and substitutes its own. I don't think it's worth the tradeoff, hence this commit. Fixes bug 1068420 for very small values of "fixes". DocImpact Change-Id: I2bef64c2e1e4df8a612a5531a35721202deb6964 |
||
|---|---|---|
| .. | ||
| functional | ||
| functionalnosetests | ||
| probe | ||
| unit | ||
| __init__.py | ||
| sample.conf | ||