Comment 0 for bug 1606495

Tom Patzig (tom-patzig) wrote :

copy_from allows creating images with a URL like http://localhost:22.
The remote content gets copied unverified into the defined glance store.

E.g. after downloading the image with copy_from url http://localhost:22, you see the OpenSSH banner.

This is a security issue, as it allows users to do network "scans" for open ports and it copies remote (potentially malicious) content unverified to your configured glance store.

glance api v1 is still the default in horizon.