Project

General

Profile

Bug #17175

when setting payer of bucket to Requester, the ceph also could get object by anonymous account.

Added by wenjun jing over 6 years ago. Updated over 5 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Target version:
-
% Done:

0%

Source:
other
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

When setting bucket's payer to requester, anonymous account could also get object by setting the value of optional parameter RequestPayer to requester. This action is not allowed in AWS S3. If the optional parameter is not set, the phenomenon is the same as AWS S3. As a matter of fact, the access to get object by anonymous account is not denied.

The blow is the get object API of boto3 and the last parameter is optional.
get_object(Bucket=bucket_name, Key=key, RequestPayer=requester)

History

#1 Updated by Sage Weil over 5 years ago

  • Project changed from Ceph to rgw

Also available in: Atom PDF