You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The lwp.py file has a SECRET_KEY stored in the code, this is a security vulnerability as all lwp installations are using the same secret key which is known.
This should be read from the config file instead, with a clear comment in the example config file that the user should put a random secret key of their own in order to properly secure their lwp installation.
The text was updated successfully, but these errors were encountered:
robvdl
changed the title
SECRET_KEY in code is a security vulnverability
SECRET_KEY in code is a security vulnerability
Aug 11, 2014
The lwp.py file has a SECRET_KEY stored in the code, this is a security vulnerability as all lwp installations are using the same secret key which is known.
This should be read from the config file instead, with a clear comment in the example config file that the user should put a random secret key of their own in order to properly secure their lwp installation.
The text was updated successfully, but these errors were encountered: