You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cloudstack.apache.org by "Thomas O'Dowd (JIRA)" <ji...@apache.org> on 2013/07/03 08:48:20 UTC

[jira] [Created] (CLOUDSTACK-3342) Object_Store_Refactor - S3 "Secret Key" must not be visible in the UI after S3 Object store creation.

Thomas O'Dowd created CLOUDSTACK-3342:
-----------------------------------------

             Summary: Object_Store_Refactor - S3 "Secret Key" must not be visible in the UI after S3 Object store creation.
                 Key: CLOUDSTACK-3342
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-3342
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: UI
    Affects Versions: 4.2.0
            Reporter: Thomas O'Dowd


1. Login to a freshly deployed devcloud server. 
2. Click Infrastructure 
3. Click secondary Storage 
4. Remove NFS 
5. Add new S3 Secondary Storage (anything will do for this bug as its a display bug)
6. Re-visit secondary storage and click on the S3 storage you created.

Expectation:
You can NOT see the "secret key". 

Actual:
You can see all the details of the S3 object store including the "secret key".

The secret key is like a password. Anyone knowing the secret key can upload/delete etc from the S3 store. It should not be available easily in my opinion. I guess its easily available in the database anyway but lets keep it out of the browser after its been input. It can be displayed using ***.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira