[Pacemaker] Multi-level ACLs for the CIB

Andrew Beekhof andrew at beekhof.net
Mon Feb 8 09:48:56 UTC 2010


On Thu, Feb 4, 2010 at 5:24 PM, Yan Gao <ygao at novell.com> wrote:
>> And put exclusions for things like passwords before  the read for the whole cib?
> Yes. We should specify any "deny" and "write" objects before it.

I like the syntax now, but my original concern (that all the
validation occurs in the client library) remains... so this still
isn't providing any real security.




More information about the Pacemaker mailing list