edisonxiang
commented
5 years ago @regismarg please join in the discussion in #63 Thanks very much.
Open regismarg opened 5 years ago
edisonxiang
commented
5 years ago @regismarg please join in the discussion in #63 Thanks very much.
Hello, regarding the case: obs objectstore logic is insecure #63
Testing the broker for obs bucket creation. The security model seems broken. After creating the service instance, and binding, the end-users receives bucket url and SHARED access key/secrets keys. This means one can access ANY bucket provisionned by the service broker, not just the one they provision. Broker should generate per bucket access key/secrets for secure use.
We please need a solution because we can not consume the S3 buckets and it is blocked for more than 40 projects Not good for OBS and huawei business
Can you please contact me to go on with this problem ?