Posted to dev@cloudstack.apache.org by Darren Shepherd <da...@gmail.com> on 2013/09/04 19:49:04 UTC

why do we need 8096?

Why do we need an unauthenticated backdoor?  Is there any chance we can 
just get rid of that entry point to CloudStack?

Darren

Re: why do we need 8096?

Posted by Rohit Yadav <bh...@apache.org>.
I've had such discussions before and I've tried to fix this but could
justify properly as there could be other layers who may want to directly
exploit CloudStack's APIs for example a business/billing/management layer.
I think for security's sake among many ways -- move this behaviour out as a
plugin which is disabled by default (so admins can decide whether to turn
on or off) and/or restrict listening on localhost/loopback for this port.

Regards.


On Wed, Sep 4, 2013 at 11:19 PM, Darren Shepherd <
darren.s.shepherd@gmail.com> wrote:

> Why do we need an unauthenticated backdoor?  Is there any chance we can
> just get rid of that entry point to CloudStack?
>
> Darren
>

RE: why do we need 8096?

Posted by "Musayev, Ilya" <im...@webmd.net>.
It's only available by default on dev builds, helps with executing commands quickly and not worry about api key signing.

If you install via RPM/DEB, 8096 is not enabled by default.



> -----Original Message-----
> From: Mathias Mullins [mailto:mathias.mullins@citrix.com]
> Sent: Wednesday, September 04, 2013 1:52 PM
> To: dev@cloudstack.apache.org
> Subject: Re: why do we need 8096?
> 
> Hi Darren,
> 
> It's a very commonly used port for many installations that want an
> unauthenticated API access, especially from other tools and systems. I think
> getting rid of this would be a really bad idea.
> 
> Matt
> 
> 
> On 9/4/13 1:49 PM, "Darren Shepherd" <da...@gmail.com>
> wrote:
> 
> >Why do we need an unauthenticated backdoor?  Is there any chance we
> can
> >just get rid of that entry point to CloudStack?
> >
> >Darren
> 



Re: why do we need 8096?

Posted by Darren Shepherd <da...@gmail.com>.
On 09/04/2013 11:04 AM, Marcus Sorensen wrote:
> It's not default, and it is nice to have. Users have to set the
> integration port to enabled.
>

Ah, that's good to know.  That makes me feel a little better.

Darren


Re: why do we need 8096?

Posted by Marcus Sorensen <sh...@gmail.com>.
It's not default, and it is nice to have. Users have to set the
integration port to enabled.

On Wed, Sep 4, 2013 at 12:03 PM, Darren Shepherd
<da...@gmail.com> wrote:
> On 09/04/2013 10:52 AM, Mathias Mullins wrote:
>>
>> Hi Darren,
>>
>> It's a very commonly used port for many installations that want an
>> unauthenticated API access, especially from other tools and systems. I
>> think getting rid of this would be a really bad idea.
>>
>
> Sigh, I just hate the "totally insecure by default" approach.  Not to
> mention the code path for 8080 and 8096 is different.  8080 being servlet
> based and 8096 being httpcore based.
>
> Darren

Re: why do we need 8096?

Posted by Prasanna Santhanam <ts...@apache.org>.
On Wed, Sep 04, 2013 at 08:21:10PM +0200, Ove Ewerlid wrote:
> On 09/04/2013 08:03 PM, Darren Shepherd wrote:
> >On 09/04/2013 10:52 AM, Mathias Mullins wrote:
> >>Hi Darren,
> >>
> >>It's a very commonly used port for many installations that want an
> >>unauthenticated API access, especially from other tools and systems. I
> >>think getting rid of this would be a really bad idea.
> >>
> >
> >Sigh, I just hate the "totally insecure by default" approach.  Not to
> >mention the code path for 8080 and 8096 is different.  8080 being
> >servlet based and 8096 being httpcore based.
> >
> >Darren
> 
> As Marcus pointed out, this is not there per default. Gotta love
> "totally insecure per wise decision".
> 
> Personally I use this to implement zero-touch bootstrapping and
> automation of testing. The only command given via the Integration
> port is setting up an admin user and generating keys. Once done, the
> scripts continue using the key-based approach. If there is a valid
> key set stored away, key is tested and if valid, the integration
> port is not used by the script for successive invocations. In our
> implementations, the integration port is opened using direct DB
> access and manipulation of the global parameter.

Yup, this is how marvin registers itself too and further on uses the
keys to authenticate API calls over 8080. 

> 
> NB; if you create say a template via the integration port, that
> template can not be deleted by even the admin user (have not checked
> this for 4.2 but it is true for 4.1.1 and earlier). The integration
> port uses a different user context (as you indicate). Hence, perhaps
> only use the integration port to bootstrap an admin user.
> 
> /Ove

-- 
Prasanna.,



Re: why do we need 8096?

Posted by Ove Ewerlid <Ov...@oracle.com>.
On 09/04/2013 08:03 PM, Darren Shepherd wrote:
> On 09/04/2013 10:52 AM, Mathias Mullins wrote:
>> Hi Darren,
>>
>> It's a very commonly used port for many installations that want an
>> unauthenticated API access, especially from other tools and systems. I
>> think getting rid of this would be a really bad idea.
>>
>
> Sigh, I just hate the "totally insecure by default" approach.  Not to
> mention the code path for 8080 and 8096 is different.  8080 being
> servlet based and 8096 being httpcore based.
>
> Darren

As Marcus pointed out, this is not there per default. Gotta love 
"totally insecure per wise decision".

Personally I use this to implement zero-touch bootstrapping and 
automation of testing. The only command given via the Integration port 
is setting up an admin user and generating keys. Once done, the scripts 
continue using the key-based approach. If there is a valid key set stored 
away, key is tested and if valid, the integration port is not used by 
the script for successive invocations. In our implementations, the 
integration port is opened using direct DB access and manipulation of 
the global parameter.

NB; if you create say a template via the integration port, that template 
can not be deleted by even the admin user (have not checked this for 4.2 
but it is true for 4.1.1 and earlier). The integration port uses a 
different user context (as you indicate). Hence, perhaps only use the 
integration port to bootstrap an admin user.

/Ove
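
The key-based approach the posts above contrast with port 8096, as an added example that is not part of the thread or of CloudStack's code: it signs a request for the authenticated API on 8080 following CloudStack's documented scheme (sorted, lowercased query string, HMAC-SHA1 with the secret key, Base64) and verifies it the way a receiver would. The endpoint, keys and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit


def _canonical(params):
    """String that gets signed: pairs sorted by name, values URL-encoded
    (space as %20), then the whole string lowercased."""
    pairs = sorted(params.items(), key=lambda kv: kv[0].lower())
    return "&".join(f"{k}={quote(str(v), safe='')}" for k, v in pairs).lower()


def sign(params, secret_key):
    """Base64 of HMAC-SHA1(secret_key, canonical query string)."""
    mac = hmac.new(secret_key.encode(), _canonical(params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def signed_url(endpoint, command, api_key, secret_key, **args):
    """Build a request URL carrying apiKey and signature, as used on 8080."""
    params = dict(args, command=command, apiKey=api_key, response="json")
    query = "&".join(
        f"{k}={quote(str(v), safe='')}" for k, v in sorted(params.items())
    )
    return f"{endpoint}?{query}&signature={quote(sign(params, secret_key), safe='')}"


def verify(url, secret_key):
    """Receiver-side check: recompute the signature over every parameter
    except 'signature' and compare in constant time."""
    params = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    claimed = params.pop("signature", "")
    return hmac.compare_digest(claimed, sign(params, secret_key))


if __name__ == "__main__":
    # Constructed values; real keys come from the admin user's key pair.
    ENDPOINT = "http://localhost:8080/client/api"
    url = signed_url(ENDPOINT, "listUsers", "CONSTRUCTED_API_KEY",
                     "CONSTRUCTED_SECRET_KEY", account="admin")
    print(url)
    print("valid signature:", verify(url, "CONSTRUCTED_SECRET_KEY"))
    tampered = url.replace("account=admin", "account=other")
    print("tampered request accepted:", verify(tampered, "CONSTRUCTED_SECRET_KEY"))
```

Because every parameter is covered by the HMAC, a request altered in transit or sent without the secret key fails verification, which is the check the integration port skips.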


Re: why do we need 8096?

Posted by Darren Shepherd <da...@gmail.com>.
On 09/04/2013 10:52 AM, Mathias Mullins wrote:
> Hi Darren,
>
> It's a very commonly used port for many installations that want an
> unauthenticated API access, especially from other tools and systems. I
> think getting rid of this would be a really bad idea.
>

Sigh, I just hate the "totally insecure by default" approach.  Not to 
mention the code path for 8080 and 8096 is different.  8080 being 
servlet based and 8096 being httpcore based.

Darren

Re: why do we need 8096?

Posted by Mathias Mullins <ma...@citrix.com>.
Hi Darren,

It's a very commonly used port for many installations that want an
unauthenticated API access, especially from other tools and systems. I
think getting rid of this would be a really bad idea.

Matt 


On 9/4/13 1:49 PM, "Darren Shepherd" <da...@gmail.com> wrote:

>Why do we need an unauthenticated backdoor?  Is there any chance we can
>just get rid of that entry point to CloudStack?
>
>Darren