You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cloudstack.apache.org by GitBox <gi...@apache.org> on 2020/10/22 07:41:44 UTC

[GitHub] [cloudstack] andrijapanicsb opened a new issue #4419: Sensitive info when failure on attaching a deleted/recovered volume

andrijapanicsb opened a new issue #4419:
URL: https://github.com/apache/cloudstack/issues/4419


   VMware, master
   
   WHen a volume is deleted, then recovered - there is an issue attaching a volume (@weizhouapache didn't you work on a PR for allowing delete/expunge vs. just deletting a volume? perhaps you can advise here?) - sensitive info is sent by the backend and displayed in UI:
   
   ![image](https://user-images.githubusercontent.com/45762285/96840368-a39c5880-144a-11eb-9d1e-3f4683cbedd3.png)
   
   The simple fix might be to remove the volume location from vSphere - just keep the first sentence of the error responce, but ensure that the full info is logged in debug/elsewhere in the mgmt log.
   
   
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] rhtyd commented on issue #4419: Sensitive info when failure on attaching a deleted/recovered volume

Posted by GitBox <gi...@apache.org>.

rhtyd commented on issue #4419:
URL: https://github.com/apache/cloudstack/issues/4419#issuecomment-720326186


   cc @Spaceman1984 


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] andrijapanicsb commented on issue #4419: Sensitive info when failure on attaching a deleted/recovered volume

Posted by GitBox <gi...@apache.org>.

andrijapanicsb commented on issue #4419:
URL: https://github.com/apache/cloudstack/issues/4419#issuecomment-714299669


   cc @DaanHoogland - FYI


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] rhtyd closed issue #4419: Sensitive info when failure on attaching a deleted/recovered volume

Posted by GitBox <gi...@apache.org>.

rhtyd closed issue #4419:
URL: https://github.com/apache/cloudstack/issues/4419


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] DaanHoogland commented on issue #4419: Sensitive info when failure on attaching a deleted/recovered volume

Posted by GitBox <gi...@apache.org>.

DaanHoogland commented on issue #4419:
URL: https://github.com/apache/cloudstack/issues/4419#issuecomment-726160545


   ah, the ip i missed, sure . just don't see harm in the internal name


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] DaanHoogland commented on issue #4419: Sensitive info when failure on attaching a deleted/recovered volume

Posted by GitBox <gi...@apache.org>.

DaanHoogland commented on issue #4419:
URL: https://github.com/apache/cloudstack/issues/4419#issuecomment-726079712


   @andrijapanicsb why is the path sensitive? to my knowledge authorisation of the user had already been done when this error occurs? is the user not allowed to know where their disks reside?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [cloudstack] andrijapanicsb commented on issue #4419: Sensitive info when failure on attaching a deleted/recovered volume

Posted by GitBox <gi...@apache.org>.

andrijapanicsb commented on issue #4419:
URL: https://github.com/apache/cloudstack/issues/4419#issuecomment-726135151


   @DaanHoogland I'm sure you are not saying that an average joe ("user" role) is allowed to learn your internal IPs (and internal VM name?) 


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org