OpenStack Horizon – CSRF_COOKIE_SECURE parameter set to True
Details CSRF (Cross-site request forgery) is an attack which forces an end user to execute unauthorized commands on a web...
- Home
- Security Hardening
- TNS OpenStack Dashboard Horizon Security Guide
TNS OpenStack Dashboard Horizon Security Guide
OpenStack Horizon – disable_password_reveal parameter set to True
Details It is recommended not to reveal password fields. Solution Set the value of parameter disable_password_reveal in /etc/openstack-dashboard/local_settings.py to True...OpenStack Horizon – password_autocomplete parameter set to off
Details Common feature that applications use to provide users a convenience is to cache the password locally in the browser...OpenStack Horizon – SESSION_COOKIE_HTTPONLY parameter set to True
Details The ‘HTTPONLY’ cookie attribute instructs web browsers not to allow scripts (e.g. JavaScript or VBscript) an ability to access...OpenStack Horizon – SESSION_COOKIE_SECURE parameter set to True
Details The ‘SECURE’ cookie attribute instructs web browsers to only send the cookie through an encrypted HTTPS (SSL/TLS) connection. This...OpenStack Horizon – strict permissions set for horizon configuration files – /etc/openstack-dashboard/local_settings.py
Details It is recommended to set strict access permissions for configuration files. 640 or better. Solution Set file permissions to...OpenStack Horizon – user/group of config files set to root/horizon – /etc/openstack-dashboard/local_settings.py
Details Configuration files contain critical parameters and information required for smooth functioning of the component. If an unprivileged user, either...OpenStack Horizon – USE_SSL parameter set to True
Details Openstack services communicate with each other using various protocols and the communication might involve sensitive/confidential information. An attacker may...