[Bug 670582] New: yastwc/ws secret generation code
https://bugzilla.novell.com/show_bug.cgi?id=670582 https://bugzilla.novell.com/show_bug.cgi?id=670582#c0 Summary: yastwc/ws secret generation code Classification: openSUSE Product: openSUSE 11.4 Version: Factory Platform: Other OS/Version: Other Status: NEW Severity: Enhancement Priority: P5 - None Component: WebYaST AssignedTo: kkaempf@novell.com ReportedBy: lnussel@novell.com QAContact: qa@suse.de Found By: --- Blocker: --- the secret generation code in the yastws and yastwc scripts look rather awkward. esp the sed call with the hardcoded original value. Note that sed is called on each startup but matches only the first time so this is superfluous overhead. Wouldn't it make more sense to store the secret somewhere below /var and test for it's existence before doing anything expensive? Ie something like if [ ! -e /var/lib/yastws/secret ]; then rake -s secret > /var/lib/yastws/secret fi plus code in environment.rb that reads that file? Or potentially even move all the code to ruby and avoid the extra shell stuff completely? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=670582 https://bugzilla.novell.com/show_bug.cgi?id=670582#c Klaus Kämpf <kkaempf@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|kkaempf@novell.com |mvidner@novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=670582 https://bugzilla.novell.com/show_bug.cgi?id=670582#c Martin Vidner <mvidner@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium Status|NEW |ASSIGNED CC| |jreidinger@novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=670582 https://bugzilla.novell.com/show_bug.cgi?id=670582#c1 --- Comment #1 from Josef Reidinger <jreidinger@novell.com> 2011-02-11 08:38:15 UTC --- Hi, I create such code. Your code looks good, but we want to keep rails way. Usual solution is to generate secret for each server ( so we do it during install of webyast), but problem is when you have appliances as appliances share secret, this is reason why we move it to start code ( so we have hardcoded secret which we change during first start of webyast ). We also cannot use generation during first initialize of environment.rb as we during build call tests which also initialize environment.rb I agree that it would be nice to change it, but please keep in mind all restriction as it can cause serious security problem. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=670582 https://bugzilla.novell.com/show_bug.cgi?id=670582#c Josef Reidinger <jreidinger@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|mvidner@novell.com |webyast-maintainers@forge.p | |rovo.novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com