[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libvir] PATCH: vncpasswd



On Fri, Sep 28, 2007 at 04:14:35PM -0400, Mark Johnson wrote:
> 
> This adds support for handling vncpasswd..

The reason I left this out is that XML ends up in log files, which then
end up in bug reports, which then end up indexed by Google !  Also the XML
dump is oneof the data items available to users on read-only connections
to libvirt. These users shouldn't be able to get the password.

At the same time we clearly need to be able to get the passwd at times. We
currently have an otherwise unused 'flags' parameter to the virDomainGetXMLDesc
method. So I propose we make use of it, so if an app knows it really needs the
XML with potentially sensitive data it can explicitly ask for it. It is also
possible that there can be slight differences in XML for an inactive guest
vs an active one. For example, the <target> element for VIFs would not be 
present for inactive guests, the port number would be '-1' for VNC if used auto
generated ports. Having an flag to explicitly request the XML for 'inactive'
state, even when a VM is running would be useful to me in virt-manager. 

So how about we add

   enum  virDomainXMLFlags {
       VIR_DOMAIN_XML_SECURE = 1,
       VIR_DOMAIN_XML_INACTIVE = 1,
   }

With the recomnmendation that if an app uses VIR_DOMAIN_XML_SECURE it should
take care not to record that XML  anywhere persistent.

Mark's patch would basically be the same, but with a couple of lines being
conditional on the VIR_DOMAIN_XML_SECURE flag.

Dan.
-- 
|=- Red Hat, Engineering, Emerging Technologies, Boston.  +1 978 392 2496 -=|
|=-           Perl modules: http://search.cpan.org/~danberr/              -=|
|=-               Projects: http://freshmeat.net/~danielpb/               -=|
|=-  GnuPG: 7D3B9505   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505  -=| 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]