openstack/devstack
Code Issues Proposed changes

Set a valid / unique SECRET_KEY others than the empty default.

Browse Source 
Django's default SECRET_KEY is an empty string, which is actually not
secure. Use horizon.util.secret key to generate a unique key and store
it securely.

Change-Id: I7b6deed7db6136ee15ac7ea315019a5b78698f7d
This commit is contained in:
Sascha Peilicke
2012-06-21 16:09:27 +02:00
parent 282fbda6f4
commit 345363023d
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
files/horizon_settings.py
View File

@@ -20,6 +20,10 @@ DATABASES = {
CACHE_BACKEND = 'dummy://' CACHE_BACKEND = 'dummy://'
SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db' SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db'
# Set a secure and unique SECRET_KEY (the Django default is '')
from horizon.utils import secret_key
SECRET_KEY = secret_key.generate_or_read_from_file(os.path.join(LOCAL_PATH, '.secret_key_store'))
# Send email to the console by default # Send email to the console by default
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
# Or send them to /dev/null # Or send them to /dev/null