Bug 856491 - Avoid leaving database passphrase in Django settings module after initialisation
Avoid leaving database passphrase in Django settings module after initialisation
Product: PulpDist
Classification: Community
Component: Web App (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Nick Coghlan
Depends On:
  Show dependency treegraph
Reported: 2012-09-12 03:04 EDT by Nick Coghlan
Modified: 2016-09-28 23:04 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-09-28 23:04:16 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Nick Coghlan 2012-09-12 03:04:42 EDT
During startup, the database passphrase is read into the Django settings module. The model configuration then picks it up from there in order to retrieve OAuth credentials from the database.

The main security element here is the limitation on direct access to the database itself - without the database, the passphrase is useless. However, it's still desirable to make it difficult to access the passphrase, and leaving it in the Django settings module makes it readily accessible in various diagnostic tools, including Django's own traceback error pages (when they're enabled, which is not normally the case in production).

The model code should remove this field from the settings module after storing it locally. (Note: this will likely break automatic reloading in the Django development server, if it tries to automatically reload the model definition file)
Comment 1 Nick Coghlan 2016-09-28 23:04:16 EDT
Marking all remaining PulpDist issues as CLOSED-EOL

It doesn't make sense to leave these issues open, as PulpDist hasn't been in active development for quite some time, and restarting development would involve a significant modernisation effort that would likely render many of these requests irrelevant.

Note You need to log in before you can comment on or make changes to this bug.