Reset established vnc connections
Currently a vnc console access token provides unlimited time access to the VM once a connection is established. While the token validity period can be controlled, an established connection cannot be torn without altering either vm state or proxy service.
This has security implications. Suppose a token leaks to an adversary, by means of active snooping or human carelessness, and the adversary makes a connection, she can then passively watch the VM console and gather sufficient information to get an ssh connection. While it is difficult to prevent user errors, Nova can help an alerted user by providing a safety abort mechanism. The aim of this blueprint is to provide such a mechanism to a user to reset all established vnc connections to a given VM.
Blueprint information
- Status:
- Not started
- Approver:
- Russell Bryant
- Priority:
- Undefined
- Drafter:
- None
- Direction:
- Needs approval
- Assignee:
- None
- Definition:
- Review
- Series goal:
- None
- Implementation:
-
Unknown
- Milestone target:
- None
- Started by
- Completed by
Related branches
Related bugs
Sprints
Whiteboard
No work has happened, no milestone targeted, need better spec of a solution, resetting --johnthetubaguy
I don't have time to work on this at the moment. I'll get back to it later, but meanwhile, if anyone's interested please pick it up. Thanks.
Unapproved - please re-submit via nova-spec --johnthetubagy (20th March 2014)
