Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Commits on Jul 3, 2012
  1. @saschpe

    Provide utilities to automate secure secret key generation

    saschpe authored
    Implements blueprint automatic-secure-key-generation
    
    Reduce the likeliness that the (commented-out) default key is abused
    and document possible options instead.
    
    Also use a non-empty SECRET_KEY for development / testing environments.
    
    A later patch would make it a hard error if no SECRET_KEY is defined
    (i.e. Django defaults to an empty string which is anything but secure).
    Unfortunately, I can't do it now as the devstack integration test would
    fail (they don't set a SECRET_KEY either) currently. So, when this
    blueprint is accepted, I would submit a fix to devstack and afterwards
    add the error message to warn the user about insecure defaults.
    
    Addressed PEP-8 issues
    
    Change-Id: Ifdab8e6b6fb3025fde7a2b92beb046ec9c5cba7f
Something went wrong with that request. Please try again.