Warning: Can't synchronize with repository "(default)" (Unsupported version control system "svn": No module named svn). Look in the Trac log for more information.

Ticket #2300 (closed enhancement: fixed)

Opened 10 years ago

Last modified 10 years ago

Generate session secret when quickstarting

Reported by: pitrou Owned by:
Priority: lowest Milestone: 2.1a2
Component: TurboGears Version: 2.0b7
Severity: minor Keywords:
Cc:

Description

This is just a nice-to-have. When quickstarting a project it would be cool if the session secret(s) were automatically generated (rather than initialized to "some secret"). A good enough formula is sha.new(os.urandom(32)).hexdigest().

(although there should probably be a fallback if os.urandom is not defined)

Change History

comment:1 Changed 10 years ago by chrisz

Only the development.ini file uses "some secret". The deployment.ini file already uses a random value that is set up by paste script.

comment:2 Changed 10 years ago by jorge.vargas

  • Milestone set to 2.1a1

comment:3 follow-up: ↓ 4 Changed 10 years ago by lszyba1

Isn't this a duplicate of #2282 fixed in #2304 ?

comment:4 in reply to: ↑ 3 Changed 10 years ago by jorge.vargas

Replying to lszyba1:

Isn't this a duplicate of #2282 fixed in #2304 ?

yes, it is.

comment:5 Changed 10 years ago by pedersen

This is *also* fixed for development.ini as of  http://bitbucket.org/pedersen/tgdevtools-dev/changeset/bab5e461b1b1/

Once this changeset is merged in, beaker.session.secret (and, by extension, sa_auth.cookie_secret in #2282) will always be a random value, even for development.

comment:6 Changed 10 years ago by pedersen

  • Status changed from new to closed
  • Resolution set to fixed

code has been put in place for 2.1 series. Closing this ticket.

Note: See TracTickets for help on using tickets.