Chris McDonough
2010-11-10 7bd14cbfb396bdb1e892ef0b9d51619c78ae368f
- The pylons_* paster template used the same string
(``your_app_secret_string``) for the ``session.secret`` setting in the
generated ``development.ini``. This was a security risk if left unchanged
in a project that used one of the templates to produce production
applications. It now uses a randomly generated string.
5 files modified
33 ■■■■■ changed files
CHANGES.txt 6 ●●●●● patch | view | raw | blame | history
pyramid/paster.py 21 ●●●●● patch | view | raw | blame | history
pyramid/paster_templates/pylons_basic/development.ini_tmpl 2 ●●● patch | view | raw | blame | history
pyramid/paster_templates/pylons_minimal/development.ini_tmpl 2 ●●● patch | view | raw | blame | history
pyramid/paster_templates/pylons_sqla/development.ini_tmpl 2 ●●● patch | view | raw | blame | history
CHANGES.txt
@@ -15,6 +15,12 @@
  syntax as the pattern supplied to ``add_route``.  This style of routing is
  not supported.  They were replaced with ``:colon`` style route patterns.
- The pylons_* paster template used the same string
  (``your_app_secret_string``) for the ``session.secret`` setting in the
  generated ``development.ini``.  This was a security risk if left unchanged
  in a project that used one of the templates to produce production
  applications.  It now uses a randomly generated string.
Documentation
-------------
pyramid/paster.py
@@ -9,42 +9,47 @@
from pyramid.scripting import get_root
class StarterProjectTemplate(Template):
class PyramidTemplate(Template):
    def pre(self, command, output_dir, vars): # pragma: no cover
        vars['random_string'] = os.urandom(20).encode('hex')
        return Template.pre(self, command, output_dir, vars)
class StarterProjectTemplate(PyramidTemplate):
    _template_dir = 'paster_templates/starter'
    summary = 'pyramid starter project'
    template_renderer = staticmethod(paste_script_template_renderer)
class StarterZCMLProjectTemplate(Template):
class StarterZCMLProjectTemplate(PyramidTemplate):
    _template_dir = 'paster_templates/starter_zcml'
    summary = 'pyramid starter project (ZCML)'
    template_renderer = staticmethod(paste_script_template_renderer)
class ZODBProjectTemplate(Template):
class ZODBProjectTemplate(PyramidTemplate):
    _template_dir = 'paster_templates/zodb'
    summary = 'pyramid ZODB starter project'
    template_renderer = staticmethod(paste_script_template_renderer)
class RoutesAlchemyProjectTemplate(Template):
class RoutesAlchemyProjectTemplate(PyramidTemplate):
    _template_dir = 'paster_templates/routesalchemy'
    summary = 'pyramid SQLAlchemy project using Routes (no traversal)'
    template_renderer = staticmethod(paste_script_template_renderer)
class AlchemyProjectTemplate(Template):
class AlchemyProjectTemplate(PyramidTemplate):
    _template_dir = 'paster_templates/alchemy'
    summary = 'pyramid SQLAlchemy project using traversal'
    template_renderer = staticmethod(paste_script_template_renderer)
class PylonsBasicProjectTemplate(Template):
class PylonsBasicProjectTemplate(PyramidTemplate):
    _template_dir = 'paster_templates/pylons_basic'
    summary = 'Pylons basic project'
    template_renderer = staticmethod(paste_script_template_renderer)
class PylonsMinimalProjectTemplate(Template):
class PylonsMinimalProjectTemplate(PyramidTemplate):
    _template_dir = 'paster_templates/pylons_minimal'
    summary = 'Pylons minimal project'
    template_renderer = staticmethod(paste_script_template_renderer)
class PylonsSQLAlchemyProjectTemplate(Template):
class PylonsSQLAlchemyProjectTemplate(PyramidTemplate):
    _template_dir = 'paster_templates/pylons_sqla'
    summary = 'Pylons SQLAlchemy project'
    template_renderer = staticmethod(paste_script_template_renderer)
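Review bot: `PyramidTemplate.pre` is the only place the session secret is produced, yet it carries `# pragma: no cover` and no comment, so nothing in the test suite checks that `vars['random_string']` is a 40-character hex value that differs between runs. I would add a comment such as `# per-project secret rendered as {{random_string}}; 20 bytes from os.urandom` and replace the pragma with a small test that calls `pre` twice and compares the two values. `os.urandom(20).encode('hex')` depends on the Python 2 `hex` str codec; `binascii.hexlify(os.urandom(20))` produces the same string without it. The hunk starts at line 9 of the file, so whether `os` is imported above it cannot be confirmed from here.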
pyramid/paster_templates/pylons_basic/development.ini_tmpl
@@ -10,7 +10,7 @@
session.data_dir = %(here)s/data/sessions/data
session.lock_dir = %(here)s/data/sessions/lock
session.key = {{project}}
session.secret = your_app_secret_string
session.secret = {{random_string}}
[pipeline:main]
pipeline = egg:WebError#evalerror
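Review bot: The generated `session.secret` line has no comment saying what the value is, so the string rendered into `development.ini` is likely to be copied to other environments or committed with the rest of the scaffold. A line above it such as `# generated at project creation; use a different secret per deployment and keep it out of shared repositories` would make that explicit. The same applies to the `pylons_minimal` and `pylons_sqla` templates in the next two sections. Projects already created from the earlier templates presumably still contain `your_app_secret_string`, and the changelog entry could say that they need to replace it by hand.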
pyramid/paster_templates/pylons_minimal/development.ini_tmpl
@@ -10,7 +10,7 @@
session.data_dir = %(here)s/data/sessions/data
session.lock_dir = %(here)s/data/sessions/lock
session.key = {{project}}
session.secret = your_app_secret_string
session.secret = {{random_string}}
[pipeline:main]
pipeline = egg:WebError#evalerror
pyramid/paster_templates/pylons_sqla/development.ini_tmpl
@@ -12,7 +12,7 @@
session.data_dir = %(here)s/data/sessions/data
session.lock_dir = %(here)s/data/sessions/lock
session.key = {{project}}
session.secret = your_app_secret_string
session.secret = {{random_string}}
[pipeline:main]
pipeline =