Improve fs security for itsdangerous secret.

Set mode 700 on the directory, mode 600 on the file.
Elrond 2013-03-22 19:12:55 +01:00
parent 5a8aae3aba
commit bb530c4445


@ -38,14 +38,18 @@ def setup_crypto():
global __itsda_secret global __itsda_secret
dir = mg_globals.app_config["crypto_path"] dir = mg_globals.app_config["crypto_path"]
if not os.path.isdir(dir): if not os.path.isdir(dir):
_log.info("Creating %s", dir)
os.makedirs(dir) os.makedirs(dir)
os.chmod(dir, 0700)
_log.info("Created %s", dir)
name = os.path.join(dir, "itsdangeroussecret.bin") name = os.path.join(dir, "itsdangeroussecret.bin")
if os.path.exists(name): if os.path.exists(name):
__itsda_secret = file(name, "r").read() __itsda_secret = file(name, "r").read()
else: else:
__itsda_secret = str(getrandbits(192)) __itsda_secret = str(getrandbits(192))
file(name, "w").write(__itsda_secret) f = file(name, "w")
f.write(__itsda_secret)
f.close()
os.chmod(name, 0600)
_log.info("Created %s", name) _log.info("Created %s", name)
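Review bot: The secret file is still created by `file(name, "w")` with default, umask-derived permissions and only tightened by `os.chmod(name, 0600)` after the secret has been written and closed, so for a short window it may be readable by other local users; `os.makedirs(dir)` followed by `os.chmod(dir, 0700)` has the same create-then-chmod ordering. Creating both with the restrictive mode up front closes that window: `os.makedirs(dir, 0700)` and `f = os.fdopen(os.open(name, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0600), "w")`. Both chmod calls sit on the creation paths only, so a `crypto_path` directory or secret file that already exists with looser permissions is left unchanged; checking or tightening the mode on the existing-path branches would cover installations upgraded from before this commit. setup_crypto starts above the hunk and may continue below it.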