From 345363023da70404180dc645538547a84fa326e2 Mon Sep 17 00:00:00 2001
From: Sascha Peilicke
Date: Thu, 21 Jun 2012 16:09:27 +0200
Subject: [PATCH] Set a valid / unique SECRET_KEY others than the empty default.

Django's default SECRET_KEY is an empty string, which is actually not secure. Use horizon.util.secret key to generate a unique key and store it securely.

Change-Id: I7b6deed7db6136ee15ac7ea315019a5b78698f7d
---
 files/horizon_settings.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/files/horizon_settings.py b/files/horizon_settings.py
index 1a6c17af8c..487c06eaa9 100644
--- a/files/horizon_settings.py
+++ b/files/horizon_settings.py
@@ -20,6 +20,10 @@ DATABASES = {
 CACHE_BACKEND = 'dummy://'
 SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db'
 
+# Set a secure and unique SECRET_KEY (the Django default is '')
+from horizon.utils import secret_key
+SECRET_KEY = secret_key.generate_or_read_from_file(os.path.join(LOCAL_PATH, '.secret_key_store'))
+
 # Send email to the console by default
 EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
 # Or send them to /dev/null
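Review bot: The new `SECRET_KEY` line generates or reads the key as a side effect of importing the settings module, and it writes `.secret_key_store` under `LOCAL_PATH`; neither `os` nor `LOCAL_PATH` is defined in the visible hunk, so confirm both are set earlier in horizon_settings.py. The hunk also does not show what file mode `generate_or_read_from_file` enforces, so it is worth verifying that the key file ends up readable only by the web server user and that `LOCAL_PATH` is neither served as static content nor checked into version control. Since the key is created per host, several dashboard nodes behind one load balancer would each sign sessions and CSRF tokens with a different key unless the file is distributed to all of them. I would record that next to the setting, e.g. `# NOTE: key file must be mode 0600, outside any served directory, and identical on every node sharing sessions`.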