Snapshot download with authentication
It is possible to guess (by brute force) diagnostic snapshot name and as a
result get access to all logins and passwords.
Blueprint information
- Status:
- Started
- Approver:
- Tomasz 'Zen' Napierala
- Priority:
- High
- Drafter:
- Sylwester Brzeczkowski
- Direction:
- Approved
- Assignee:
- Sylwester Brzeczkowski
- Definition:
- Review
- Series goal:
- Accepted for 7.0.x
- Implementation:
- Good progress
- Milestone target:
- 7.0
- Started by
- Łukasz Oleś
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
Gerrit topic: https:/
Addressed by: https:/
Blueprint: snapshot-
Addressed by: https:/
Snapshot download with authentication
Addressed by: https:/
Change /dump url to internal in nginx conf
Addressed by: https:/
Attach auth token to snapshot download request
Addressed by: https:/
Added tests for downloading diagnostic snapshot with auth
Addressed by: https:/
Snapshot download with authentication
Addressed by: https:/
Attach auth token to snapshot download request
Addressed by: https:/
Change /dump url to internal in nginx conf