Sandro Bonazzola has uploaded a new change for review. Change subject: packaging: setup: hardening postgresql password ......................................................................
packaging: setup: hardening postgresql password Use random.SystemRandom instead of random and extend password lenght to 22 chars in order to have at least 128 bits of entropy. Change-Id: I76769e7eb65df35f982b1ef9e36bc81d1f42b79a Signed-off-by: Sandro Bonazzola <[email protected]> (cherry picked from commit 78d5316978a2a078683819a94891d09d403d46b0) --- M packaging/setup/plugins/ovirt-engine-setup/provisioning/postgres.py 1 file changed, 3 insertions(+), 2 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/35/27635/1 diff --git a/packaging/setup/plugins/ovirt-engine-setup/provisioning/postgres.py b/packaging/setup/plugins/ovirt-engine-setup/provisioning/postgres.py index 1f0d166..da34042 100644 --- a/packaging/setup/plugins/ovirt-engine-setup/provisioning/postgres.py +++ b/packaging/setup/plugins/ovirt-engine-setup/provisioning/postgres.py @@ -1,6 +1,6 @@ # # ovirt-engine-setup -- ovirt engine setup -# Copyright (C) 2013 Red Hat, Inc. +# Copyright (C) 2013-2014 Red Hat, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -76,7 +76,8 @@ os.seteuid(os.getuid()) def _generatePassword(self): - return ''.join([random.choice(self._PASSWORD_CHARS) for i in range(8)]) + rand = random.SystemRandom() + return ''.join([rand.choice(self._PASSWORD_CHARS) for i in range(22)]) def _initDB(self): self.logger.info(_('Initializing PostgreSQL')) -- To view, visit http://gerrit.ovirt.org/27635 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I76769e7eb65df35f982b1ef9e36bc81d1f42b79a Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-3.3 Gerrit-Owner: Sandro Bonazzola <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
