
Key generation now uses config file for better security

1 parent a70cd24 commit 99edd3587c4e2c08746d3fce29f242ab0db18229 Jorge Handl committed Dec 22, 2011
Showing with 35 additions and 7 deletions.
  1. +6 −6 api/models.py
  2. +8 −1 api/settings.py
  3. +7 −0 backoffice/settings.py
  4. +7 −0 nebu/settings.py
  5. +7 −0 storefront/settings.py
@@ -20,12 +20,12 @@
# idea taken from https://www.grc.com/passwords.htm
def generate_apikey(id):
- key = "2A1A8AE7CAEFAC47D6F74920CE4B0CE46430CDA6CF03D254C1C29402D727E570"
+ key = settings.APIKEY_KEY
while True:
hash = hashlib.md5()
hash.update('%d' % id)
hash.update(key)
- hash.update('%d' % random.randint(0,1000000))
+ hash.update('%d' % random.randint(0,sys.maxint))
random_part = binascii.b2a_base64(hash.digest())[:14]
if not '/' in random_part:
break
@@ -35,12 +35,12 @@ def generate_apikey(id):
return unique_part + '-' + random_part
def generate_onetimepass(id):
- key = "CAEFAC47D6F7D727E57024920CE4B0CE46430CDA6CF03D254C1C29402A1A8AE7"
+ key = settings.ONETIMEPASS_KEY
while True:
hash = hashlib.md5()
hash.update('%d' % id)
hash.update(key)
- hash.update('%d' % random.randint(0,1000000))
+ hash.update('%d' % random.randint(0,sys.maxint))
random_part = binascii.b2a_base64(hash.digest())[:5]
if not '/' in random_part:
break
@@ -50,12 +50,12 @@ def generate_onetimepass(id):
return unique_part + random_part
def generate_forgotpass(id):
- key = "E57024920CE4B0CE4643CAEFAC47D6F7D7270CDA6CF03D254C1C29402A1A8AE7"
+ key = settings.FORGOTPASS_KEY
while True:
hash = hashlib.md5()
hash.update('%d' % id)
hash.update(key)
- hash.update('%d' % random.randint(0,1000000))
+ hash.update('%d' % random.randint(0,sys.maxint))
random_part = binascii.b2a_base64(hash.digest())[:6]
if not '/' in random_part:
break
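Review bot: The replacement line `hash.update('%d' % random.randint(0,sys.maxint))` still takes the per-key randomness from the `random` module, a Mersenne Twister PRNG that is not meant for security-sensitive values such as API keys, one-time passwords or password-reset tokens; the same line is repeated in the generate_onetimepass and generate_forgotpass hunks. Widening the range from 1000000 to sys.maxint does not change that, and sys.maxint is 2**31-1 on a 32-bit interpreter and 2**63-1 on a 64-bit one, so the amount of randomness mixed in depends on the host. An OS-backed source keeps the rest of the loop unchanged, e.g. `hash.update(os.urandom(16))` or `hash.update('%d' % random.SystemRandom().randint(0, sys.maxint))`. The hunks do not show the file's imports, so confirm `sys` (and `os`, if used) is imported in api/models.py; generate_apikey and the other two functions continue past the end of each hunk, where unique_part is built.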
@@ -1,4 +1,4 @@
-# Django settings for burbio project.
+# Django settings for the indextank project.
from os import environ
@@ -78,3 +78,10 @@
EMAIL_PORT=25
EMAIL_HOST_USER='email%localhost'
EMAIL_HOST_PASSWORD='****'
+
+# Seeds for the api key generation. These are examples, they should be changed at each installation.
+# You can find good seeds at https://www.grc.com/passwords.htm
+APIKEY_KEY='BB20B26D35578F0CD53B1F9F270DEC2410F1BA90FB1BADCC3D79875DEC534C04'
+ONETIMEPASS_KEY='86CB9927F58AE49255935D50CE4D372E57873D8C83B4B68E71818C7316D7F14D'
+FORGOTPASS_KEY='42015FF556615CD6A9FB6884EB4B360CAE118B27E8597B4A1AF435DB703784E3'
+
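Review bot: The three seeds added under the live setting names `APIKEY_KEY`, `ONETIMEPASS_KEY` and `FORGOTPASS_KEY` are committed to the repository with only a comment asking deployers to change them, so any installation that skips that step runs with values visible to everyone who can read this history; the identical block is added to backoffice/settings.py, nebu/settings.py and storefront/settings.py. This file already has `from os import environ`, so a safer default is to read them from the environment and fail at startup when they are missing, e.g. `APIKEY_KEY = environ['APIKEY_KEY']`, which turns a forgotten override into an immediate error instead of a silently shared secret. If a checked-in placeholder has to stay, keep the real values out of version control and have the comment say so explicitly; the other three settings hunks do not show an `environ` import, so confirm it is available there before making the same change.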
@@ -84,3 +84,10 @@
EMAIL_PORT=25
EMAIL_HOST_USER='user%localhost'
EMAIL_HOST_PASSWORD='****'
+
+# Seeds for the api key generation. These are examples, they should be changed at each installation.
+# You can find good seeds at https://www.grc.com/passwords.htm
+APIKEY_KEY='BB20B26D35578F0CD53B1F9F270DEC2410F1BA90FB1BADCC3D79875DEC534C04'
+ONETIMEPASS_KEY='86CB9927F58AE49255935D50CE4D372E57873D8C83B4B68E71818C7316D7F14D'
+FORGOTPASS_KEY='42015FF556615CD6A9FB6884EB4B360CAE118B27E8597B4A1AF435DB703784E3'
+
@@ -72,3 +72,10 @@
EMAIL_PORT=25
EMAIL_HOST_USER='user%localhost'
EMAIL_HOST_PASSWORD='****'
+
+# Seeds for the api key generation. These are examples, they should be changed at each installation.
+# You can find good seeds at https://www.grc.com/passwords.htm
+APIKEY_KEY='BB20B26D35578F0CD53B1F9F270DEC2410F1BA90FB1BADCC3D79875DEC534C04'
+ONETIMEPASS_KEY='86CB9927F58AE49255935D50CE4D372E57873D8C83B4B68E71818C7316D7F14D'
+FORGOTPASS_KEY='42015FF556615CD6A9FB6884EB4B360CAE118B27E8597B4A1AF435DB703784E3'
+
@@ -115,3 +115,10 @@
ANALYTICAL_INTERNAL_IPS = ['127.0.0.1']
GOOGLE_ANALYTICS_PROPERTY_ID = 'UA-*******-**'
MIXPANEL_API_TOKEN = '*******************'
+
+# Seeds for the api key generation. These are examples, they should be changed at each installation.
+# You can find good seeds at https://www.grc.com/passwords.htm
+APIKEY_KEY='BB20B26D35578F0CD53B1F9F270DEC2410F1BA90FB1BADCC3D79875DEC534C04'
+ONETIMEPASS_KEY='86CB9927F58AE49255935D50CE4D372E57873D8C83B4B68E71818C7316D7F14D'
+FORGOTPASS_KEY='42015FF556615CD6A9FB6884EB4B360CAE118B27E8597B4A1AF435DB703784E3'
+
