Change in ovirt-engine[master]: image upload: don't expose resource ID to entity updates.

amureini at redhat.com amureini at redhat.com
Mon Oct 31 10:34:07 UTC 2016 

Allon Mureinik has submitted this change and it was merged.

Change subject: image upload: don't expose resource ID to entity updates.
......................................................................


image upload: don't expose resource ID to entity updates.

Resource ID is used for identifying the upload tickets. once the
ability of clearing it is exposed for the frontend/REST, it can
potentially cause loss of a transfer session, opening up security risks.

Remove this member from the image transfer updates entity, and set it as
a parameter for the backend ImageTransferUpdater class.

Change-Id: Iee39b43faea82a4737919de0c39acba4b2b60b26
Signed-off-by: Amit Aviram <aaviram at redhat.com>
---
M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/disk/image/ImageTransferUpdater.java
M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/disk/image/UploadImageCommand.java
M backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/storage/disk/image/UploadImageStatusCommand.java
M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/action/UploadImageStatusParameters.java
D backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/storage/ImageTransferUpdates.java
M frontend/webadmin/modules/gwt-common/src/main/resources/org/ovirt/engine/core/Common.gwt.xml
M frontend/webadmin/modules/uicommonweb/src/main/java/org/ovirt/engine/ui/uicommonweb/models/storage/UploadImageModel.java
7 files changed, 24 insertions(+), 79 deletions(-)

Approvals:
  Allon Mureinik: Verified; Looks good to me, approved; Passed CI tests



-- 
To view, visit https://gerrit.ovirt.org/63254
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Iee39b43faea82a4737919de0c39acba4b2b60b26
Gerrit-PatchSet: 15
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Amit Aviram <aaviram at redhat.com>
Gerrit-Reviewer: Allon Mureinik <amureini at redhat.com>
Gerrit-Reviewer: Amit Aviram <aaviram at redhat.com>
Gerrit-Reviewer: Daniel Erez <derez at redhat.com>
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: gerrit-hooks <automation at ovirt.org>

More information about the Engine-commits mailing list