@Joe: how do you suggest we improve that ? get every database call through a queue and get the queries picked up by some database action listener ? Narrow down permissions so that the DB user used by nova-compute can't do as much damage ?
This is a pretty well-known situation, and not really a directly-exploitable vulnerability (but rather something that can be improved in the architecture for more resilience). Do you agree to open this bug publicly ?
@Joe: how do you suggest we improve that ? get every database call through a queue and get the queries picked up by some database action listener ? Narrow down permissions so that the DB user used by nova-compute can't do as much damage ?
This is a pretty well-known situation, and not really a directly- exploitable vulnerability (but rather something that can be improved in the architecture for more resilience). Do you agree to open this bug publicly ?