webapp secret keys should be regenerated during installation
Bug #337612 reported by Alon Swartz
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
TurnKey Linux | Fix Released | High | Alon Swartz | |
2009.02-hardy-x86 | New | Undecided | Unassigned | |
Bug Description
Some TurnKey appliances (joomla, mediawiki, django, rails) are vulnerable to a cryptographic weakness due to the usage of a non-secret key.
The secret keys are mainly used in generating/
All appliances in the 2009.02 release include this fix.
It is recommended to regenerate the secret key on existing installations of appliances released prior to 2009.02
Joomla
variable: $secret
path: /etc/joomla15/configuration.php

Mediawiki
variable: $wgSecretKey
path: /etc/mediawiki/LocalSettings.php

Django
variable: SECRET_KEY
path: /var/www/django-sites/apps/settings.py

Rails
variable: :secret
path: /var/www/railsapp/config/environment.rb
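One way to carry out the recommended regeneration for the four variables listed above, as an added example that is not TurnKey's own fix. The assignment syntaxes matched by the patterns and the sample lines are assumptions constructed for illustration; check them against the real files before use.

```python
import re
import secrets

# One pattern per appliance: (assignment prefix)(quote)(old value)(same quote).
# These line syntaxes are assumptions about typical config files, not taken
# from the bug report.
PATTERNS = {
    "joomla":    r"(\$secret\s*=\s*)(['\"])(.*?)\2",
    "mediawiki": r"(\$wgSecretKey\s*=\s*)(['\"])(.*?)\2",
    "django":    r"(^SECRET_KEY\s*=\s*)(['\"])(.*?)\2",
    "rails":     r"(:secret\s*=>\s*)(['\"])(.*?)\2",
}


def regenerate(app, text, new_key=None):
    """Return (new_text, key) with exactly one secret assignment replaced."""
    # 32 random bytes from the OS CSPRNG, hex-encoded: no quotes, backslashes
    # or '$', so the value is safe inside PHP, Python and Ruby string literals.
    key = new_key or secrets.token_hex(32)
    pattern = re.compile(PATTERNS[app], re.MULTILINE)
    # A function replacement avoids backreference escaping issues in the key.
    new_text, count = pattern.subn(
        lambda m: m.group(1) + m.group(2) + key + m.group(2), text
    )
    if count != 1:
        # Zero or several matches means the file does not look as assumed;
        # refuse to guess rather than leave a shipped key in place.
        raise ValueError(f"{app}: expected 1 secret assignment, found {count}")
    return new_text, key


# Constructed stand-ins for the relevant line of each configuration file.
SAMPLES = {
    "joomla":    "var $secret = 'shippedDefault';",
    "mediawiki": '$wgSecretKey = "shippeddefault";',
    "django":    "DEBUG = False\nSECRET_KEY = 'shipped-default'\n",
    "rails":     "config.action_controller.session = "
                 "{ :session_key => '_app', :secret => 'shippeddefault' }",
}

if __name__ == "__main__":
    for app, text in SAMPLES.items():
        new_text, _ = regenerate(app, text)
        print(f"{app}: {new_text.strip()}")
```

Replacing the key invalidates existing sessions and any tokens signed with the old value, so users will need to log in again.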