ben

My feedback

  1. 13 votes
    Sign in Sign in with OnApp
    Signed in as (Sign out)

    We’ll send you updates on this idea

    ben supported this idea  · 
  2. 13 votes
    Sign in Sign in with OnApp
    Signed in as (Sign out)

    We’ll send you updates on this idea

    ben supported this idea  · 
  3. 14 votes
    Sign in Sign in with OnApp
    Signed in as (Sign out)

    We’ll send you updates on this idea

    ben supported this idea  · 
  4. 1 vote
    Sign in Sign in with OnApp
    Signed in as (Sign out)

    We’ll send you updates on this idea

    ben shared this idea  · 
  5. 2 votes
    Sign in Sign in with OnApp
    Signed in as (Sign out)

    We’ll send you updates on this idea

    ben shared this idea  · 
  6. 11 votes
    Sign in Sign in with OnApp
    Signed in as (Sign out)

    We’ll send you updates on this idea

    ben commented  · 

    Open Virtual machine Format (OVF) files can contain a digital signature that has been applied by the OnApp control panel during download. If the only OVF files that the customer is permitted to upload are ones that can be proven to have been provided by the same CP server, then the risk should be minimal.

    Also, if the customer decides they need to use the image themselves later someplace else, they can choose to ignore signature checking on whatever hypervisors they have full control over.

    Lastly, since OVF is in a tar file format which provides early on a header with the expected length of the file, it should be easy to sanity check any attempts to under-run or over-run the disk image during the upload.

  7. 1 vote
    Sign in Sign in with OnApp
    Signed in as (Sign out)

    We’ll send you updates on this idea

    ben shared this idea  · 
  8. 2 votes
    Sign in Sign in with OnApp
    Signed in as (Sign out)

    We’ll send you updates on this idea

    ben shared this idea  · 

Feedback and Knowledge Base