Commit ee017c9
Use crypto/rand for Django SECRET_KEY generation
Replace math/rand-based rand.String(10) (~47 bits entropy) with
lib-common's util.GeneratePassword(50) which uses crypto/rand,
matching Django's own default SECRET_KEY length.
The key is used to HMAC-sign CSRF tokens and session cookies.
Existing deployments are not affected — the secret is only generated
when it does not already exist (ensureHorizonSecret checks for an
existing secret before creating a new one).
Jira: OSPRH-31813
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: Martin Schuppert <mschuppert@redhat.com>1 parent ada2819 commit ee017c9
1 file changed
Lines changed: 8 additions & 3 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
55 | 55 | | |
56 | 56 | | |
57 | 57 | | |
58 | | - | |
59 | 58 | | |
60 | 59 | | |
61 | 60 | | |
| |||
1188 | 1187 | | |
1189 | 1188 | | |
1190 | 1189 | | |
| 1190 | + | |
| 1191 | + | |
| 1192 | + | |
| 1193 | + | |
| 1194 | + | |
| 1195 | + | |
1191 | 1196 | | |
1192 | 1197 | | |
1193 | 1198 | | |
1194 | 1199 | | |
1195 | 1200 | | |
1196 | 1201 | | |
1197 | | - | |
| 1202 | + | |
1198 | 1203 | | |
1199 | 1204 | | |
1200 | 1205 | | |
1201 | 1206 | | |
1202 | | - | |
| 1207 | + | |
1203 | 1208 | | |
1204 | 1209 | | |
1205 | 1210 | | |
| |||
0 commit comments