Bug 856491

Summary: Avoid leaving database passphrase in Django settings module after initialisation
Product: [Community] PulpDist
Reporter: Nick Coghlan <ncoghlan>
Component: Web App
Assignee: Nick Coghlan <ncoghlan>
Status: CLOSED EOL
Severity: unspecified
Priority: unspecified
Version: unspecified
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2016-09-29 03:04:16 UTC
Type: Bug

Description Nick Coghlan 2012-09-12 07:04:42 UTC
During startup, the database passphrase is read into the Django settings module. The model configuration then picks it up from there in order to retrieve OAuth credentials from the database.

The main security element here is the limitation on direct access to the database itself - without the database, the passphrase is useless. However, it's still desirable to make it difficult to access the passphrase, and leaving it in the Django settings module makes it readily accessible in various diagnostic tools, including Django's own traceback error pages (when they're enabled, which is not normally the case in production).

The model code should remove this field from the settings module after storing it locally. (Note: this will likely break automatic reloading in the Django development server, if it tries to automatically reload the model definition file)
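One way to do what the description asks, as an added example that is not PulpDist code and not part of the original report: the secret is copied into a private holder on first use and then deleted from both the settings object and the settings module it was loaded from. The setting name `DATABASE_PASSPHRASE`, the `PassphraseVault` class and the constructed stand-in settings are assumptions; with Django, `django.conf.settings` would be passed to `load()`.

```python
import sys
import threading
import types


class PassphraseVault:
    """Holds a secret taken out of a Django-style settings object."""

    def __init__(self, name="DATABASE_PASSPHRASE"):  # setting name is hypothetical
        self._name = name
        self._value = None
        self._lock = threading.Lock()

    def load(self, settings):
        """Copy the secret locally on first use, then scrub it from settings."""
        with self._lock:
            if self._value is None:
                value = getattr(settings, self._name, None)
                if not value:
                    # Reached when this code is re-initialised after the scrub,
                    # e.g. a dev-server reload of the model module.
                    raise RuntimeError(self._name + " is no longer in settings")
                self._value = value
            self._scrub(settings)
            return self._value

    def _scrub(self, settings):
        # django.conf.settings copies values out of the settings module, so
        # remove the name from the settings object and from the module itself.
        module = sys.modules.get(getattr(settings, "SETTINGS_MODULE", ""))
        for holder in (settings, module):
            if holder is not None and hasattr(holder, self._name):
                delattr(holder, self._name)

    def __repr__(self):
        # Keep the value out of tracebacks that print local variables.
        return "<PassphraseVault %s>" % ("loaded" if self._value else "empty")


def make_constructed_settings():
    """Constructed stand-ins for a settings module and django.conf.settings."""
    module = types.ModuleType("constructed_settings")
    module.DATABASE_PASSPHRASE = "constructed-passphrase"
    sys.modules[module.__name__] = module
    settings = types.SimpleNamespace(
        SETTINGS_MODULE=module.__name__,
        DATABASE_PASSPHRASE=module.DATABASE_PASSPHRASE,
    )
    return settings, module
```

A second `PassphraseVault` created after the scrub raises `RuntimeError`, which is the development-server reload breakage the description anticipates.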

Comment 1 Nick Coghlan 2016-09-29 03:04:16 UTC
Marking all remaining PulpDist issues as CLOSED-EOL

It doesn't make sense to leave these issues open, as PulpDist hasn't been in active development for quite some time, and restarting development would involve a significant modernisation effort that would likely render many of these requests irrelevant.