Comment 16 for bug 1282865

Thierry Carrez (ttx) wrote : Re: Keystone middleware may confuse contexts

I would use "Potential context confusion in Keystone middleware" as the title.

Also: "...that is fixed if the process used eventlet..." -> "...that is avoided if the calling process already used eventlet..."

-> the issue is not fixed if the process already monkey-patched 'thread', it is not vulnerable in the first place
-> "calling" process makes it IMHO clearer that we are talking about the server project using the middleware.

If we precisely analyze the grizzly/havana affected server software, we could end with something like: "In Grizzly and Havana, only Glance and Ceilometer were found to be affected. Also note that only keystone middleware setups using auth_token with memcache are vulnerable."