# HG changeset patch
# User Danek Duvall <danek.duvall@oracle.com>
# Date 1445296071 25200
# Node ID dba45c6430591eef0339022f6387864fb5dd8018
# Parent  ce7a7efc042b920733683425c50a56183404bcdb
21936091 problem in SERVICE/GLANCE

diff -r ce7a7efc042b -r dba45c643059 components/openstack/glance/files/glance-api.conf
--- a/components/openstack/glance/files/glance-api.conf	Mon Oct 19 13:13:17 2015 -0700
+++ b/components/openstack/glance/files/glance-api.conf	Mon Oct 19 16:07:51 2015 -0700
@@ -184,6 +184,9 @@
 #sqlalchemy_debug = True
 
 # Pass the user's token through for API requests to the registry.
+# WARNING: DO NOT CHANGE THIS VALUE.  Setting use_user_token to False
+# allows for unintended privilege escalation within the Glance API server.
+# See https://wiki.openstack.org/wiki/OSSN/OSSN-0060
 # Default: True
 #use_user_token = True