Comment 4 for bug 1545717

Stuart McLaren (stuart-mclaren) wrote :

@Tristan

FWIW Travis put up a really nice, short demo on the metadef stuff -- useful for anyone not familiar with it:

 https://youtu.be/zJpHXdBOoeM

> What kind of damage a user can cause by adding public metadef?

Travis can probably answer this better.

Here's what I can think of: By spamming with many bogus namespaces they can make it very difficult for users of Glance's metadef API (or Horizon's metadef pages) to find/differentiate between bogus and real namespaces. So kind of a DoS of the metadef API. They could possibly cause upgrade issues by injecting doctored versions of real namespaces introduced in Release X+1 into a server running Release X (namespace grab). I don't think there'd be any effect on non-metadef API calls, so no impact on Glance's main "/v2/images" API or Nova's API. Just the metadef stuff impacted, I think.