On Fri, Sep 28, 2007 at 09:32:46PM +0100, Daniel P. Berrange wrote:
> On Fri, Sep 28, 2007 at 04:14:35PM -0400, Mark Johnson wrote:
> >
> > This adds support for handling vncpasswd..
>
> The reason I left this out is that XML ends up in log files, which then
> end up in bug reports, which then end up indexed by Google! Also the XML
> dump is one of the data items available to users on read-only connections
> to libvirt. These users shouldn't be able to get the password.
>
> At the same time we clearly need to be able to get the passwd at times. We
> currently have an otherwise unused 'flags' parameter to the virDomainGetXMLDesc
> method. So I propose we make use of it, so if an app knows it really needs the
> XML with potentially sensitive data it can explicitly ask for it. It is also
> possible that there can be slight differences in XML for an inactive guest
> vs an active one. For example, the <target> element for VIFs would not be
> present for inactive guests, the port number would be '-1' for VNC if used auto
> generated ports. Having a flag to explicitly request the XML for 'inactive'
> state, even when a VM is running would be useful to me in virt-manager.
>
> So how about we add
>
>    enum virDomainXMLFlags {
>       VIR_DOMAIN_XML_SECURE = 1,
>       VIR_DOMAIN_XML_INACTIVE = 2,
>    };
>
> With the recommendation that if an app uses VIR_DOMAIN_XML_SECURE it should
> take care not to record that XML anywhere persistent.
>
> Mark's patch would basically be the same, but with a couple of lines being
> conditional on the VIR_DOMAIN_XML_SECURE flag.

Daniel V just committed this patch with my suggested flags addition too.

Regards,
Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=|
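
The flag-gated behaviour proposed in this message, as an added sketch that is not libvirt's code or part of the original mail. The names `xml_flags`, `vnc_cfg` and `format_graphics`, the flag values, and the choice to refuse (rather than silently redact) a secure request from a read-only caller are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical flags; distinct bits so a caller can OR them together. */
enum xml_flags {
    XML_SECURE   = 1 << 0,  /* caller explicitly asks for sensitive data */
    XML_INACTIVE = 1 << 1   /* describe the stored config, not the live state */
};

/* Constructed stand-in for a guest's VNC settings. */
struct vnc_cfg {
    int autoport;        /* port is chosen when the guest starts */
    int live_port;       /* port in use while the guest runs */
    const char *passwd;  /* NULL when no password is set */
};

/*
 * Write the <graphics> element into buf.
 * Returns 0 on success, -1 if a read-only caller requests secure XML
 * or the buffer is too small.
 */
int format_graphics(char *buf, size_t len, const struct vnc_cfg *cfg,
                    unsigned int flags, int readonly)
{
    if ((flags & XML_SECURE) && readonly)
        return -1;  /* assumption: deny instead of quietly dropping the field */

    /* The inactive view of an auto-port guest reports -1, as the mail notes. */
    int port = (cfg->autoport && (flags & XML_INACTIVE)) ? -1 : cfg->live_port;

    int n = snprintf(buf, len, "<graphics type='vnc' port='%d'", port);
    if (n < 0 || (size_t)n >= len)
        return -1;

    /* The password attribute appears only on explicit request.
     * A real formatter must XML-escape the value; omitted here. */
    if ((flags & XML_SECURE) && cfg->passwd) {
        int m = snprintf(buf + n, len - n, " passwd='%s'", cfg->passwd);
        if (m < 0 || (size_t)m >= len - n)
            return -1;
        n += m;
    }
    int m = snprintf(buf + n, len - n, "/>");
    return (m < 0 || (size_t)m >= len - n) ? -1 : 0;
}
```

Because the default (flags of 0) omits the password, XML that reaches logs or bug reports through existing callers stays free of it; only code that opts in has to avoid persisting the result.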