changeset 3961:c9ca7fa55b0d beta

Fill session cookie secret with a randomly generated app_uuid. By default this setup is much more secure, since it uses SignedCookies instead of plain ones
author Marcin Kuzminski <marcin@python-works.com>
date Fri, 07 Jun 2013 19:23:20 +0200
parents e1a0fdaecf63
children 22f925aea8b4
files development.ini production.ini rhodecode/config/deployment.ini_tmpl
diffstat 3 files changed, 12 insertions(+), 6 deletions(-) [+]
--- a/development.ini	Fri Jun 07 00:21:45 2013 +0200
+++ b/development.ini	Fri Jun 07 19:23:20 2013 +0200
@@ -293,9 +293,11 @@
 ## file based cookies (default) ##
 #beaker.session.type = file
 
+beaker.session.key = rhodecode
+beaker.session.secret = ${app_instance_uuid}
 
-beaker.session.key = rhodecode
-## secure cookie requires AES python libraries
+## Secure encrypted cookie. Requires AES and AES python libraries
+## you must disable beaker.session.secret to use this
 #beaker.session.encrypt_key = <key_for_encryption>
 #beaker.session.validate_key = <validation_key>
 
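Review bot: `beaker.session.secret = ${app_instance_uuid}` on the added line is only a per-install random value if this file is processed by the same template substitution that fills `${app_instance_uuid}` in rhodecode/config/deployment.ini_tmpl; if development.ini and production.ini are loaded as-is, the secret is the literal string `${app_instance_uuid}`, identical on every deployment, and the signed cookie gives no integrity guarantee because anyone can forge a valid signature. Please confirm the substitution path for these two files or point them at a value that is generated at install time. The same hunk appears in production.ini and rhodecode/config/deployment.ini_tmpl. Separately, the new comment line reads `## Secure encrypted cookie. Requires AES and AES python libraries`, which repeats "AES"; the previous wording was clearer: `## Secure encrypted cookie. Requires AES python libraries`.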
--- a/production.ini	Fri Jun 07 00:21:45 2013 +0200
+++ b/production.ini	Fri Jun 07 19:23:20 2013 +0200
@@ -293,9 +293,11 @@
 ## file based cookies (default) ##
 #beaker.session.type = file
 
+beaker.session.key = rhodecode
+beaker.session.secret = ${app_instance_uuid}
 
-beaker.session.key = rhodecode
-## secure cookie requires AES python libraries
+## Secure encrypted cookie. Requires AES and AES python libraries
+## you must disable beaker.session.secret to use this
 #beaker.session.encrypt_key = <key_for_encryption>
 #beaker.session.validate_key = <validation_key>
 
--- a/rhodecode/config/deployment.ini_tmpl	Fri Jun 07 00:21:45 2013 +0200
+++ b/rhodecode/config/deployment.ini_tmpl	Fri Jun 07 19:23:20 2013 +0200
@@ -293,9 +293,11 @@
 ## file based cookies (default) ##
 #beaker.session.type = file
 
+beaker.session.key = rhodecode
+beaker.session.secret = ${app_instance_uuid}
 
-beaker.session.key = rhodecode
-## secure cookie requires AES python libraries
+## Secure encrypted cookie. Requires AES and AES python libraries
+## you must disable beaker.session.secret to use this
 #beaker.session.encrypt_key = <key_for_encryption>
 #beaker.session.validate_key = <validation_key>