Injection in Keystone (Openstack)

Question

i'm studying where Keystone has an injection attack or not. after trying to input some code when login, i need to see the source code to know where any filter the input text.

but i can not find which file of keystone source code to open to show that here is source code: https://github.com/openstack/keystone plz help me

score 2 · Answer 1 · answered Mar 31 '16 at 12:03

2

i'm studying where Keystone has an injection attack or not. after trying to input some code when login, i need to see the source code to know where any filter the input text.

Keystone is a identify service, doesn't have any input. Maybe you mean login to horizon.

Horizon is a Django-based project. Its login view is in django-openstack-auth. The login function is in file django_openstack_auth/openstack_auth/views.py.

answered Mar 31 '16 at 12:03

Q.Tian

71
3

yes , im studying the openstack and want to test if there is any injection attack. thanks so much for your help. as i know if a system want to avoid injection , it need to filter the input of user when login, so with Django, is there any protection to avoid that. i read the views.py but can not recognize that :( – Nguyen Diep Apr 01 '16 at 01:06
[This](https://docs.djangoproject.com/es/1.9/topics/security/#sql-injection-protection) may help you. – Q.Tian Apr 01 '16 at 02:26

Injection in Keystone (Openstack)

1 Answers1