It looks like this patch only enforces role name constraints on the keystone client. Is there any enforcement on the server-side as well, where it is probably most important?
Seems like could be a serious vulnerability if people were using role names to key off of.
It looks like this patch only enforces role name constraints on the keystone client. Is there any enforcement on the server-side as well, where it is probably most important?
Seems like could be a serious vulnerability if people were using role names to key off of.