https://github.com/ging/horizon
Revision 45b0188b48df1a03962be97387df1dd7a6662086 authored by Nicolas Simonds on 24 September 2013, 18:26:59 UTC, committed by Nicolas Simonds on 24 September 2013, 20:24:01 UTC
Currently the settings.py generates a secret_key, then loads user overrides. The former step requires write access in a directory that the webserver has no real business trying to write to, which is a security risk, amongst other things. As a simple mitigation step, defer loading the default until after the local_settings.py has been loaded. Then the admins can decide if/how the secret_key is stored (or not stored, as the case may be) and in absentia of that, it uses the current behaviour of scribbling files in odd places.

Fixes Bug: 1220884

Change-Id: I158702f9500563a4d16f6aefc1a3afea766b1e92
1 parent e063659
Tip revision: 45b0188b48df1a03962be97387df1dd7a6662086 authored by Nicolas Simonds on 24 September 2013, 18:26:59 UTC
Don't generate the secret_key until after loading local settings
File | Mode | Size |
---|---|---|
.tx | | |
doc | | |
horizon | | |
openstack_dashboard | | |
tools | | |
.gitignore | -rw-r--r-- | 377 bytes |
.gitreview | -rw-r--r-- | 76 bytes |
.mailmap | -rw-r--r-- | 519 bytes |
.pylintrc | -rw-r--r-- | 1.4 KB |
HACKING.rst | -rw-r--r-- | 411 bytes |
LICENSE | -rw-r--r-- | 9.9 KB |
MANIFEST.in | -rw-r--r-- | 654 bytes |
Makefile | -rw-r--r-- | 588 bytes |
README.rst | -rw-r--r-- | 3.1 KB |
manage.py | -rwxr-xr-x | 292 bytes |
openstack-common.conf | -rw-r--r-- | 194 bytes |
requirements.txt | -rw-r--r-- | 505 bytes |
run_tests.sh | -rwxr-xr-x | 12.7 KB |
setup.cfg | -rw-r--r-- | 1.0 KB |
setup.py | -rwxr-xr-x | 794 bytes |
test-requirements.txt | -rw-r--r-- | 289 bytes |
tox.ini | -rw-r--r-- | 1.1 KB |