Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove defaults for security related settings #326

Closed
tpazderka opened this issue Apr 6, 2017 · 2 comments · Fixed by #387
Closed

Remove defaults for security related settings #326

tpazderka opened this issue Apr 6, 2017 · 2 comments · Fixed by #387
Labels
bug
Milestone
P1: MUST

Comments

@tpazderka
Copy link
Collaborator

Some classes have security related settings as optional arguments with defined value or do define such value if None is provided. This is considered as a bad practice and either they should not be optional where it makes sense or should raise ImproperlyConfiugured if user tries to use them without providing a value.
@tpazderka tpazderka added the bug label Apr 6, 2017
@tpazderka tpazderka added this to the P1: MUST milestone Apr 6, 2017
@decentral1se
Copy link
Contributor

Sounds sensible!

@schlenk
Copy link
Collaborator

schlenk commented Jun 28, 2017
edited
Loading

At least:

  • utils/sdb.py SessionDB password and secret and seed

I don't think examples should matter in this case, if the secrets are in the configuration part.

@schlenk schlenk mentioned this issue Jun 29, 2017
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
P1: MUST
Development

Successfully merging a pull request may close this issue.

Refactor SessionDB constructor and use secure defaults schlenk/pyoidc
3 participants
@schlenk @decentral1se @tpazderka