Comment 2 for bug 823000

Thierry Carrez (ttx) wrote : Re: nova-compute doesn't follow principle of least privilege; root SQL password in nova.conf

@Joe: How do you suggest we improve that? Get every database call through a queue and get the queries picked up by some database action listener? Narrow down permissions so that the DB user used by nova-compute can't do as much damage?

This is a pretty well-known situation, and not really a directly exploitable vulnerability (but rather something that can be improved in the architecture for more resilience). Do you agree to open this bug publicly?