openstack/openstack-manuals
Code Issues Proposed changes
ee146d0112
openstack-manuals/doc/common/tables/swift-swift-swift-hash.xml
Tom Fifield 6a6ee5bc0b add docs for swift variables 
Adds docs for the new swift_hash prefix and suffix flags
introduced in havana

Also reveal_sensitive_prefix - introduced in havana

Change-Id: I2ccd7a2c1216a252c251b47e9f7ac8f6f8fc89a7
Closes-Bug: 1195556
Closes-Bug: 1204119
2013-09-10 10:37:30 -07:00

42 lines
2.0 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!-- The tool that generated this table lives in the
tools directory of this repository. As it was a one-time
generation, you can edit this file. -->
<para xmlns="http://docbook.org/ns/docbook" version="5.0">
<table rules="all">
<caption>Description of configuration options for <literal>[swift-hash]</literal> in <literal>swift.conf-sample</literal></caption>
<col width="50%"/>
<col width="50%"/>
<thead>
<tr>
<td>Configuration option=Default value</td>
<td>Description</td>
</tr>
</thead>
<tbody>
<tr>
<td>swift_hash_path_suffix=changeme</td><td>
A suffix used by hash_path to offer a bit more security when generating hashes for
paths. It simply appends this value to all paths; if someone knows this suffix,
it's easier for them to guess the hash a path will end up with.
New installations are advised to set this parameter to a random secret,
which would not be disclosed ouside the organization.
The same secret needs to be used by all swift servers of the same cluster.
Existing installations should set this parameter to an empty string.</td>
</tr>
<tr>
<td>swift_hash_path_prefix=changeme</td><td>
A prefix used by hash_path to offer a bit more security when generating hashes for
paths. It simply appends this value to all paths; if someone knows this suffix,
it's easier for them to guess the hash a path will end up with.
New installations are advised to set this parameter to a random secret,
which would not be disclosed ouside the organization.
The same secret needs to be used by all swift servers of the same cluster.
Existing installations should set this parameter to an empty string.</td>
</tr>
</tbody>
</table>
</para>
View Git Blame Copy Permalink