On Mon, Nov 02, 2009 at 05:24:38PM +0100, Matthias Bolte wrote:
2009/10/29 Matthias Bolte <matthias.bolte(a)googlemail.com>:
> 2009/10/28 Daniel P. Berrange <berrange(a)redhat.com>:
>> On Wed, Oct 28, 2009 at 09:12:06PM +0100, Matthias Bolte wrote:
>>> The default transport for the VI API is HTTPS. If the server redirects
>>> from HTTPS to HTTP the driver would silently follow that redirection.
>>> The user assumes to communicate with the server over a secure transport
>>> but isn't.
>>
>> Good catch, this is definitely something we don't want to happen.
>>
>>> This patch disables automatical redirection following. The driver reports
>>> an error if the server tries to redirect.
>>
>> Is the user likely to hit any redirects in the real world, or is this
>> just an edge case. If they're likely to hit redirects, then we might
>> want to allow a redirect if it points to another paths on the same
>> server as the original URI, and is using HTTPS.
>>
>> Daniel
>
> As far as I can tell it's an edge case.
>
> The available transports can be configured on the ESX server. Default
> is HTTPS-only, but you can configure it to use HTTPS+HTTP or
> HTTP-only. The ESX server redirects you to the other protocol if you
> try to access it via a disabled one. I'm not aware of any other
> situation that results in a redirect.
>
> Matthias
>
If not doubts are left then I'm going to push this 5 ESX patches.
Fine by me !
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit
http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine
http://rpmfind.net/
http://veillard.com/ | virtualization library
http://libvirt.org/