Correction d'une méga faille de sécu
Ajout d'un fail-safe si la clé est celle par défaut
parent
e99e45b4ca
commit
f6be314ed7
|
@ -8,6 +8,10 @@ import time
|
|||
app = Flask(__name__)
|
||||
app.config.from_object(Config)
|
||||
|
||||
# Check security of secret
|
||||
if Config.SECRET_KEY == "a-random-secret-key":
|
||||
raise Exception("Please use a strong secret key!")
|
||||
|
||||
db = SQLAlchemy(app)
|
||||
migrate = Migrate(app, db)
|
||||
|
||||
|
|
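Review bot: The fail-safe at `if Config.SECRET_KEY == "a-random-secret-key":` rejects only that one literal, so an empty, short or otherwise guessable key still passes. The literal is also duplicated from the configuration default, so changing the placeholder there would silently disable the check. Consider testing the loaded value instead, e.g. `key = app.config.get("SECRET_KEY")` followed by `if not key or key == "a-random-secret-key" or len(key) < 32:`, and raising `RuntimeError` rather than a bare `Exception`. Because the previous default was public in the repository, the deploy notes should say that the key must be rotated and that rotation invalidates existing session and remember-me cookies.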
14
config.py
14
config.py
|
@ -1,14 +1,16 @@
|
|||
import os
|
||||
import datetime
|
||||
from local_config import DB_NAME
|
||||
from local_config import DB_NAME, SECRET_KEY
|
||||
|
||||
|
||||
class Config(object):
|
||||
SECRET_KEY = os.environ.get('SECRET_KEY') or 'a-random-secret-key'
|
||||
SECRET_KEY = os.environ.get('SECRET_KEY') or SECRET_KEY
|
||||
SQLALCHEMY_DATABASE_URI = os.environ.get('DATABASE_URL') or \
|
||||
'postgresql+psycopg2://' + os.environ.get('USER') + ':@/' + DB_NAME
|
||||
SQLALCHEMY_TRACK_MODIFICATIONS = False
|
||||
UPLOAD_FOLDER = './app/static/avatars'
|
||||
SESSION_COOKIE_SECURE = True
|
||||
REMEMBER_COOKIE_SECURE = True
|
||||
|
||||
|
||||
class V5Config(object):
|
||||
|
@ -27,3 +29,11 @@ class V5Config(object):
|
|||
THREAD_NAME_MAXLEN = 32
|
||||
# Remember-me cookie duration time
|
||||
REMEMBER_COOKIE_DURATION = datetime.timedelta(days=7)
|
||||
# XP points for content posting (and deletion)
|
||||
XP_POINTS = {
|
||||
'topic': 2,
|
||||
'program': 5,
|
||||
'tutorial': 5,
|
||||
'comment': 1,
|
||||
'contest': 10,
|
||||
}
|
||||
|
|
|
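Review bot: In `SECRET_KEY = os.environ.get('SECRET_KEY') or SECRET_KEY` the class attribute has the same name as the value imported from `local_config`; this works only because a class body falls back to module globals for a name it has not bound yet, and it reads like a self-reference. Importing under an alias, `from local_config import DB_NAME, SECRET_KEY as LOCAL_SECRET_KEY`, makes the precedence (environment first, then local file) explicit. The unconditional import also means a deployment whose local_config.py predates this change fails with ImportError even when the environment variable is set, which is worth a line in the upgrade notes. The `SESSION_COOKIE_SECURE` and `REMEMBER_COOKIE_SECURE` lines in the same hunk cover transport only; `SESSION_COOKIE_SAMESITE = 'Lax'` would be a natural companion if it is not set elsewhere.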
@ -2,3 +2,4 @@ DB_NAME = "pcv5"
|
|||
USE_LDAP = False
|
||||
LDAP_PASSWORD = "openldap"
|
||||
LDAP_ORGANIZATION = "o=planet-casio"
|
||||
SECRET_KEY = "a-random-secret-key" # CHANGE THIS VALUE *NOW*
|
||||
|
|
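Review bot: `SECRET_KEY = "a-random-secret-key" # CHANGE THIS VALUE *NOW*` lives in a file that is part of the repository (presumably local_config.py; the file header is not visible in this view), so a deployer who follows the comment edits a tracked file and can commit the real key by accident. A safer layout is to track only a template and keep the real file out of version control, or to drop the default here and require the `SECRET_KEY` environment variable. The comment could also say how to produce a value, e.g. `# generate with: python -c "import secrets; print(secrets.token_hex(32))"`. `LDAP_PASSWORD = "openldap"` in the context lines follows the same pattern.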