Comment 3 for bug 1299039

Malini Bhandaru (malini-k-bhandaru) wrote :

Seems like the Horizon login page should take a "scope", i.e. the domain (and possibly even the project), as input to avoid such an issue.
Users are supposed to be unique per domain.

Then we could restrict any subsequent token creation to the domain and project of the current token. So no more or less harm than from the token already leaked.

Further, we could limit Horizon admin use to "read-only" on other domains/projects.
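The scheme sketched in this comment, written out as an added example that is not part of the bug report and is not Horizon or Keystone code: a toy token service in which login takes the domain as input (so users are looked up per domain), rescoping from an existing token is refused outside that token's domain and project, and an admin token gets only read-only actions in other domains. The user store, role names, action vocabulary and the rule that a project-scoped token may only rescope to the same project are all constructed assumptions for illustration.

```python
"""Toy model of domain-scoped login, scope-preserving rescoping and
read-only cross-domain admin access (constructed example, not Keystone)."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional, Set, Tuple


@dataclass(frozen=True)
class Token:
    token_id: str
    user_id: str
    domain_id: str             # domain the token is scoped to
    project_id: Optional[str]  # None for a domain-scoped token
    roles: FrozenSet[str]


class AuthError(Exception):
    pass


def _pw_hash(password: str, salt: str) -> str:
    return hashlib.sha256((salt + password).encode()).hexdigest()


# Constructed user store keyed by (domain_id, username): the same username
# in two domains is two different users, which is why login needs the domain.
USERS: Dict[Tuple[str, str], dict] = {
    ("domA", "alice"): {"id": "u1", "salt": "s1", "hash": _pw_hash("pwA", "s1"),
                        "roles": {"admin"}},
    ("domB", "alice"): {"id": "u2", "salt": "s2", "hash": _pw_hash("pwB", "s2"),
                        "roles": {"member"}},
}

READ_ONLY_ACTIONS: Set[str] = {"list", "get"}  # constructed action vocabulary


class TokenService:
    def __init__(self) -> None:
        self._tokens: Dict[str, Token] = {}

    def login(self, username: str, password: str, domain_id: str,
              project_id: Optional[str] = None) -> Token:
        """Login takes the domain as input; the lookup is (domain, username)."""
        rec = USERS.get((domain_id, username))
        if rec is None:
            raise AuthError("no such user in domain")
        if not hmac.compare_digest(_pw_hash(password, rec["salt"]), rec["hash"]):
            raise AuthError("bad password")
        return self._issue(rec["id"], domain_id, project_id, rec["roles"])

    def _issue(self, user_id: str, domain_id: str, project_id: Optional[str],
               roles: Set[str]) -> Token:
        tok = Token(secrets.token_hex(16), user_id, domain_id, project_id,
                    frozenset(roles))
        self._tokens[tok.token_id] = tok
        return tok

    def rescope(self, token_id: str, domain_id: str,
                project_id: Optional[str] = None) -> Token:
        """Derive a new token from an existing one, but never for another
        domain, nor for another project once the token is project-scoped,
        so a leaked token is worth no more than the scope it already had."""
        cur = self._tokens.get(token_id)
        if cur is None:
            raise AuthError("unknown token")
        if domain_id != cur.domain_id:
            raise AuthError("rescope to another domain denied")
        if cur.project_id is not None and project_id != cur.project_id:
            raise AuthError("rescope to another project denied")
        return self._issue(cur.user_id, domain_id, project_id, cur.roles)


def is_allowed(token: Token, action: str, target_domain_id: str) -> bool:
    """Admin: full access in its own domain, read-only elsewhere.
    Non-admin: own domain only."""
    if target_domain_id == token.domain_id:
        return True
    return "admin" in token.roles and action in READ_ONLY_ACTIONS


def demo() -> Dict[str, bool]:
    """Exercise the three rules and return the outcomes."""
    svc = TokenService()
    a = svc.login("alice", "pwA", "domA", "proj1")
    b = svc.login("alice", "pwB", "domB")
    out = {"same_name_distinct_users": a.user_id != b.user_id}
    try:
        svc.login("alice", "pwA", "domB")  # domA password is useless in domB
        out["cross_domain_password_fails"] = False
    except AuthError:
        out["cross_domain_password_fails"] = True
    try:
        svc.rescope(a.token_id, "domA", "proj1")
        out["rescope_same_scope"] = True
    except AuthError:
        out["rescope_same_scope"] = False
    try:
        svc.rescope(a.token_id, "domB", "projX")
        out["rescope_other_domain"] = True
    except AuthError:
        out["rescope_other_domain"] = False
    out["admin_read_other_domain"] = is_allowed(a, "list", "domB")
    out["admin_write_other_domain"] = is_allowed(a, "delete", "domB")
    out["admin_write_own_domain"] = is_allowed(a, "delete", "domA")
    return out


if __name__ == "__main__":
    for rule, result in demo().items():
        print(f"{rule}: {result}")
```

Running `demo()` shows the two "alice" accounts resolving to different users, the domA password being rejected against domB, rescoping succeeding only within the original domain and project, and the admin token allowed to list in domB but not to delete there.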