| From: | Dave Page <dpage(at)pgadmin(dot)org> |
|---|---|
| To: | Ashesh Vashi <ashesh(dot)vashi(at)enterprisedb(dot)com> |
| Cc: | pgadmin-hackers <pgadmin-hackers(at)postgresql(dot)org>, Josh Berkus <josh(at)agliodbs(dot)com>, Devrim GÜNDÜZ <devrim(at)gunduz(dot)org> |
| Subject: | RM1849: Auto-generating security keys |
| Date: | 2016-10-11 15:40:30 |
| Message-ID: | CA+OCxownxfR2eDEaXNkgSdFqat6+AQgukrzcYOyoFX0V-zs_VA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgadmin-hackers |
Hi Ashesh,
Can you please review the attached patch, and apply if you're happy with it?
The purpose is to auto-generate the various security keys that are
currently in the configuration file, and store them in the SQLite database.
This allows us to remove the checks for config_local.py and the hard-coded
default keys which are causing some problems with packaging:
- Hard coded defaults are fine for Desktop mode, and packages generally aim
to make that work primarily.
- Hard coded defaults are a security risk for Server mode, hence we
currently require the user to manually setup keys, which is currently being
overridden by packagers for Desktop mode.
This change ensures that we have unique security keys for every
installation, whether running in desktop or server mode (generated from
os.urandom).
Thanks!
--
Dave Page
Blog: http://pgsnake.blogspot.com
Twitter: @pgsnake
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
| Attachment | Content-Type | Size |
|---|---|---|
| auto_generate_security_keys.diff | text/x-diff | 8.6 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Chris Mayo | 2016-10-11 17:14:46 | Re: [PATCH] Document that a patch should be submitted to the list as an attachment |
| Previous Message | Dave Page | 2016-10-11 14:34:54 | Re: [PATCH] Document that a patch should be submitted to the list as an attachment |