Opened 13 years ago

Closed 13 years ago

#16874 closed Cleanup/optimization (wontfix)

Security issue: settings.py stores password+username in plain-text

Reported by: AlecTaylor Owned by: nobody
Component: Core (Other) Version: dev
Severity: Normal Keywords:
Cc: Triage Stage: Design decision needed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Good evening,

I've just begun learning DJango when I noticed settings.py stores password+username in plain-text.

Please fix this (i.e. by implementing something with PyOpenSSL or I can write a frontend in C++)

Thanks,

Alec Taylor

Change History (2)

comment:1 by Aymeric Augustin, 13 years ago

Component: Database layer (models, ORM)Core (Other)
Severity: Release blockerNormal
Triage Stage: UnreviewedDesign decision needed
Type: UncategorizedCleanup/optimization

settings.py is a regular python file, you can implement the password loading mechanism that best suits your needs. However, I think it's unrealistic to try to develop a one-size-fits-all password storage mechanism. There are too many uses of Django.

The (POSIX) user under which the application runs needs access to the password anyway, so it's hard to provide much more security than chowning settings.py to this user and chmodding to 400.

Marking as DDN, but I think core devs will say "wontfix".

Thanks for the suggestion!

comment:2 by Russell Keith-Magee, 13 years ago

Resolution: wontfix
Status: newclosed
  1. First off, *PLEASE* don't report security issues to Trac. If you think you have found a security issue, it should be reported to security@…, just like it says on the new ticket page.
  1. Like aaugustin says, this isn't a security issue. If an attacker is in a position where they can read your settings.py file, the battle is already lost.
  1. If you still want to use a different authentication method, you have that flexibility. The only part of settings.py that specifies a username and password is the database backend, and they are plugabble, so you can implement your own backend with your own authentication method if you want.

If you implement a pluggable backend with a custom authentication scheme and want to contribute it to trunk, we *might* consider adding it to trunk (depending on complexity, efficacy, etc), but otherwise, having this as an open ticket won't actually progress anything. Marking wontfix, as aaugustin suggested.

Note: See TracTickets for help on using tickets.
Back to Top