I’ve been working with the Havanna release of OpenStack the last couple of days and ran across a default setting that should be avoided in any deployment: using cookies as the session backend.
The source of the problems has been known at least since October 2013 in Django and other frameworks: clear-text client-side session management.
There is even OSVDB entry and Threatpost covered it in an article.
I normally try to stick to posting original content on my site, but I ran across this post today while doing some research for the Hacker High School project.
It presents a really well structured analysis of the communities that support and give life to the main Cloud Computing projects: OpenStack, CloudStack, Eucalyptus and OpenNebula. All the information was extracted from public forums and code management systems.
You can find the post here: http://t.co/qmwUUcsiHu
