Comment 2 for bug 1446406

OpenStack Infra (hudson-openstack) wrote: Fix merged to barbican (master)

Reviewed: https://review.openstack.org/176071
Committed: https://git.openstack.org/cgit/openstack/barbican/commit/?id=dce0c6922062a700a2de1fee9319421cc7d8288e
Submitter: Jenkins
Branch: master

commit dce0c6922062a700a2de1fee9319421cc7d8288e
Author: Charles Neill <email address hidden>
Date: Tue Apr 21 15:49:20 2015 -0500

    Removing signing_dir directive from config

    The signing_dir directive defined in barbican-api-paste.ini explicitly
    stores Keystone's signing certificates in a known /tmp directory. This
    could be exploited by populating the directory with bogus certificates,
    potentially allowing a malicious user to generate valid tokens.

    Added comment explaining signing_dir, and a reasonable
    (commented) default.

    Change-Id: I15fda6863e888e3881694ab47a836eee2fb578ee
    Closes-Bug: #1446406
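The commit message describes a configuration weakness (a paste filter pinning keystonemiddleware's signing_dir to a known /tmp path) rather than a code bug, so the useful worked example is the audit a deployer would run: a static check over the paste ini for signing_dir values under shared temp trees, and a filesystem check that an existing signing_dir is private to the service user and was not pre-populated. The block below is an added example, not code from the barbican commit or from keystonemiddleware. The two embedded ini fragments are constructed: the section and option names follow keystonemiddleware's auth_token paste filter, but the /tmp/barbican/cache and /var/lib/barbican/cache paths and the signing_cert.pem file name are assumptions, not quotations of the original file.

```python
"""Audit the signing_dir setting of keystonemiddleware's auth_token filter.

Constructed example, not barbican or keystonemiddleware code.  Section and
option names follow the auth_token filter; paths and file names are assumed.
"""
import configparser
import os
import stat
import tempfile

# Constructed stand-in for the directive the commit message describes: certs land in a
# well-known, world-writable temp tree any local user can populate before start-up.
VULNERABLE_PASTE_INI = """\
[pipeline:barbican_api]
pipeline = authtoken context apiapp

[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
signing_dir = /tmp/barbican/cache
"""

# The directive commented out with an explanation; the middleware then uses its own
# per-user default, or a path packaging creates mode 0700 (the /var/lib path is assumed).
FIXED_PASTE_INI = """\
[pipeline:barbican_api]
pipeline = authtoken context apiapp

[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
# signing_dir caches Keystone's signing certificates.  It must be writable only by
# the user running barbican-api; leave it unset or point it at a private directory.
#signing_dir = /var/lib/barbican/cache
"""

SHARED_TMP_PREFIXES = ("/tmp", "/var/tmp", "/dev/shm")


def configured_signing_dirs(ini_text):
    """Map every section that sets signing_dir to its value."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    return {s: parser.get(s, "signing_dir")
            for s in parser.sections() if parser.has_option(s, "signing_dir")}


def config_findings(ini_text):
    """Static check: report signing_dir values placed under a shared temp tree."""
    findings = []
    for section, path in configured_signing_dirs(ini_text).items():
        norm = os.path.normpath(path)
        if any(norm == p or norm.startswith(p + os.sep) for p in SHARED_TMP_PREFIXES):
            findings.append(f"{section}: signing_dir={path} is under a shared temp tree")
    return findings


def directory_findings(path, service_uid=None):
    """Filesystem check: a signing_dir that is a symlink, owned by someone else, or
    group/other-writable is untrusted, and so is anything already cached inside it
    (a planted signing_cert.pem would make forged tokens verify)."""
    uid = os.geteuid() if service_uid is None else service_uid
    if os.path.islink(path):
        return ["path is a symlink; its target is chosen by whoever created it"]
    if not os.path.isdir(path):
        return ["directory does not exist; create it mode 0700 before starting the service"]
    st = os.stat(path)
    findings = []
    if st.st_uid != uid:
        findings.append(f"owned by uid {st.st_uid}, not service uid {uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("group- or world-writable")
    if findings and os.listdir(path):
        findings.append("pre-existing files are untrusted: " + ", ".join(sorted(os.listdir(path))))
    return findings


def create_private_signing_dir(path):
    """Create signing_dir safely: refuse a pre-existing one, force mode 0700."""
    os.makedirs(path, mode=0o700, exist_ok=False)
    os.chmod(path, 0o700)                     # makedirs' mode is subject to umask
    return directory_findings(path)


def demo():
    """Run both checks on constructed fixtures under a fresh temp directory."""
    base = tempfile.mkdtemp()
    shared = os.path.join(base, "cache")
    os.mkdir(shared)
    os.chmod(shared, 0o777)                   # /tmp-style: anyone may write here
    with open(os.path.join(shared, "signing_cert.pem"), "w") as fh:   # planted cert
        fh.write("-----BEGIN CERTIFICATE-----\nbogus\n-----END CERTIFICATE-----\n")
    link = os.path.join(base, "link")
    os.symlink(shared, link)
    private = os.path.join(base, "private")
    private_findings = create_private_signing_dir(private)
    return {
        "vulnerable_ini": config_findings(VULNERABLE_PASTE_INI),
        "fixed_ini": config_findings(FIXED_PASTE_INI),
        "shared_dir": directory_findings(shared),
        "symlink": directory_findings(link),
        "missing": directory_findings(os.path.join(base, "missing")),
        "private": private_findings,
        "other_owner": directory_findings(private, service_uid=os.geteuid() + 1),
    }
```

`directory_findings` compares ownership against the current effective uid by default, so run it as the service user, or pass `service_uid` explicitly when auditing from a root shell. The ownership check matters as much as the mode bits: a 0700 directory that another local user created (and therefore owns) is still theirs to refill.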