Comment 9 for bug 1400966

Zhi Yan Liu (lzy-dev) wrote : Re: Glance allows users to download and delete any file in glance-api server

Hi Stuart, Hemanth,

Thanks for your analysis.

As an alternative solution to changing the store driver that Hemanth proposed above, I think we could add a similar limitation/check on the image location update API, like what we did in v1 [0], to prevent users from using the PATCH API to handle file and swift locations? A unique benefit of this approach is that, IMO, it could make the v2 API consistent with v1 on this kind of request from the client's perspective.

[0] https://github.com/openstack/glance/blob/master/glance/api/v1/images.py#L429

Thoughts?
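
A sketch of the kind of check the comment above proposes, as an added example that is not part of the original comment and is not Glance code. It assumes the location update arrives as a list of JSON-patch operations on `/locations` whose values carry a `url` key; all function names and the sample bodies are hypothetical.

```python
from urllib.parse import urlparse

class LocationNotAllowed(ValueError):
    """Raised when a patch would set a location the client may not supply."""

def location_scheme(url):
    # urlparse lowercases the scheme; a bare path such as "/tmp/x" yields "".
    return urlparse(url.strip()).scheme

def is_restricted(url):
    # Assumption: "file and swift location" covers file, filesystem and every
    # swift variant; a URL with no scheme at all is rejected as well.
    scheme = location_scheme(url)
    return (scheme in ("", "file", "filesystem", "swift")
            or scheme.startswith("swift+"))

def urls_in(value):
    # "add /locations/-" carries one location dict; "replace /locations" a list.
    items = value if isinstance(value, list) else [value]
    for item in items:
        if not isinstance(item, dict) or not isinstance(item.get("url"), str):
            raise LocationNotAllowed("malformed location value")
        yield item["url"]

def validate_location_patch(ops):
    """Return True if no add/replace op sets a restricted location, else raise."""
    for op in ops:
        touches_locations = op.get("path", "").split("/")[1:2] == ["locations"]
        if touches_locations and op.get("op") in ("add", "replace"):
            for url in urls_in(op.get("value")):
                if is_restricted(url):
                    raise LocationNotAllowed(
                        "location scheme %r is not allowed" % location_scheme(url))
    return True

# Constructed sample request bodies (not taken from the bug report).
ALLOWED_PATCH = [{"op": "add", "path": "/locations/-",
                  "value": {"url": "http://images.example.invalid/cirros.img",
                            "metadata": {}}}]
REJECTED_PATCH = [{"op": "replace", "path": "/locations",
                   "value": [{"url": "FILE:///tmp/constructed-example",
                              "metadata": {}}]}]

if __name__ == "__main__":
    print(validate_location_patch(ALLOWED_PATCH))
    try:
        validate_location_patch(REJECTED_PATCH)
    except LocationNotAllowed as exc:
        print("rejected:", exc)
```

The scheme is compared after normalization, so mixed-case or space-padded URLs are caught by the same rule, and operations on other paths pass through untouched.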