Comment 12 for bug 1498163
Revision history for this message
| Mike Fedosin (mfedosin) wrote Re: Glance storage quota bypass when token is expired | #12 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
f33e652
(Get the code!)
Technically the impact is the same, because user can do exactly the same things, but a little bit trickier.
But yeah, I can't deny that here security risk is smaller. I consider this patch as an amendment to the previous one, which fully eliminates the possibility of quota bypass.
By the way, this patch also fixes the consequences of the old famous bug with token expiration.