Public bug reported: secret_key.py is used to generate a 64-bit key used by Django; however when it cannot find the 'SystemRandom' extension to the 'random' package it reverts to a generator that is, by documentation, not secure cryptographically. Witness:
https://docs.python.org/2/library/random.html Reverting to the generator without leaving a warning is a hazard from a system security perspective. We should log at WARN that there is a possible security issue in the configuration. ** Affects: horizon Importance: Undecided Status: New -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Dashboard (Horizon). https://bugs.launchpad.net/bugs/1588064 Title: secret_key.py doesn't warn when reverting to insecure key generation Status in OpenStack Dashboard (Horizon): New Bug description: secret_key.py is used to generate a 64-bit key used by Django; however when it cannot find the 'SystemRandom' extension to the 'random' package it reverts to a generator that is, by documentation, not secure cryptographically. Witness: https://docs.python.org/2/library/random.html Reverting to the generator without leaving a warning is a hazard from a system security perspective. We should log at WARN that there is a possible security issue in the configuration. To manage notifications about this bug go to: https://bugs.launchpad.net/horizon/+bug/1588064/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
