[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] XCP: Insecure Distro ?

> The points highlighted don't represent security risks if the dom0 is
> properly isolated on a secure management network.

Unfortunately there are some situations where even having an air-gap between networks, is not considered secure enough.
Having the password hashes in world-readable files is basically a no-no, and would mean that this product could not go into production use.
Basically this appears to be a relaxation in security against the 'norm', if this is only required due to keeping different pool members in sync,
I think that investigation should be made into an alternative method of synchronising the members.
Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.