Hi,
user.json files of all cloud accounts are stored in a central file system of the cloud provider. Cloud customers are worried because cloud provider administrator
has direct access to file system and can collect all user/passwords, etc.
To avoid storing credentials in Orion we enable using an external id provider that stores the credentials.
Best Regards
Sergio
From: orion-dev-bounces@xxxxxxxxxxx [mailto:orion-dev-bounces@xxxxxxxxxxx]
On Behalf Of Anthony Hunter
Sent: יום ב
07 דצמבר 2015 17:51
To: Orion developer discussions <orion-dev@xxxxxxxxxxx>
Subject: Re: [orion-dev] passwrod when create user
This may be better discussed in a Bugzilla. I am not sure what risk issue you are raising.
The user.json is only accessible by the user that owns it and only indirectly through server API. So I am not sure who you are worried is going to "see" this user.json.
Cheers...
Anthony
"Balan, Yossi" ---2015/12/07 10:23:45 AM---Hi
This is what I meant.
From: "Balan, Yossi" <yossi.balan@xxxxxxx>
To: Orion developer discussions <orion-dev@xxxxxxxxxxx>
Date: 2015/12/07 10:23 AM
Subject: Re: [orion-dev] passwrod when create user
Sent by: orion-dev-bounces@xxxxxxxxxxx
Hi
This is what I meant.
Why did you keep it in the user.json ?
Is it secured to keep the password on user.json even it encrypted, ? ( as far as I know the method for the encrypted is not secure enough )
Regards,
Yossi
From: orion-dev-bounces@xxxxxxxxxxx [mailto:orion-dev-bounces@xxxxxxxxxxx]
On Behalf Of Anthony Hunter
Sent: Monday, December 07, 2015 5:14 PM
To: Orion developer discussions <orion-dev@xxxxxxxxxxx>
Subject: Re: [orion-dev] passwrod when create user
Hi Yossi, I am not sure of the question, but when you create a user using the users API a password is required and yes it is encrypted on disk in the user.json.
https://wiki.eclipse.org/Orion/Server_API/User_API#Create_a_user
Cheers...
Anthony
"Balan,
Yossi" ---2015/12/06 09:27:56 AM---Hi I found that in user.json when you create new user ( not admin ) or the admin user is not exist
From: "Balan, Yossi" <yossi.balan@xxxxxxx>
To: "orion-dev@xxxxxxxxxxx" <orion-dev@xxxxxxxxxxx>
Date: 2015/12/06 09:27 AM
Subject: [orion-dev] passwrod when create user
Sent by: orion-dev-bounces@xxxxxxxxxxx
Hi
I found that in user.json when you create new user ( not admin ) or the admin user is not exist you keep the property password encrypted.
Is it a bug or Orion need it for any validation ?
Regards,
Yossi_______________________________________________
orion-dev mailing list
orion-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/orion-dev_______________________________________________
orion-dev mailing list
orion-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/orion-dev