[8426] | 1 | """Configure dolmen.beaker. |
---|
| 2 | |
---|
| 3 | One main advantage of using dolmen.beaker is that session data for a |
---|
| 4 | certain user can be stored almost automatically in a cookie, thus |
---|
| 5 | reducing the number of needed ZODB operations. |
---|
| 6 | |
---|
| 7 | Security Advisory |
---|
| 8 | ----------------- |
---|
| 9 | |
---|
| 10 | To prevent users from playing around with their session data, these |
---|
| 11 | data is encrypted by some keys stored in a dict registered as a global |
---|
| 12 | utility. |
---|
| 13 | |
---|
| 14 | These keys are set each time the Zope instance starts. If they change, |
---|
| 15 | all existing cookies will become unreadable and therefore the stored |
---|
| 16 | sessions will be lost. Already logged-in users will have to login |
---|
| 17 | again and all other session based operations might have to be |
---|
| 18 | restarted. |
---|
| 19 | |
---|
| 20 | Changing the keys might therefore have sideeffects. |
---|
| 21 | |
---|
| 22 | On the other hand static keys stored in SVN might become known to |
---|
| 23 | users and enable them to manipulate their session data. |
---|
| 24 | |
---|
| 25 | For better security the keys (or one of the keys) could therefore be |
---|
| 26 | gathered from 'outside' (a file in filesystem, some environment var, |
---|
| 27 | or whatever). |
---|
| 28 | """ |
---|
| 29 | import grok |
---|
| 30 | from zope.app.appsetup.interfaces import IDatabaseOpenedWithRootEvent |
---|
| 31 | from zope.component import getUtility |
---|
| 32 | |
---|
| 33 | #: Our configuration for dolmen.beaker sessions. |
---|
| 34 | #: |
---|
| 35 | #: See http://gitweb.dolmen-project.org/dolmen.beaker.git?a=blob;f=src/dolmen/beaker/utilities.py |
---|
| 36 | #: |
---|
| 37 | #: for default configuration. |
---|
| 38 | BEAKER_CONFIG = dict( |
---|
| 39 | data_dir=None, |
---|
| 40 | invalidate_corrupt=True, |
---|
| 41 | key='waeup.kofa.session.id', |
---|
| 42 | log_file=None, |
---|
| 43 | secret="KofaRocks", |
---|
[16561] | 44 | timeout=3600, |
---|
[8426] | 45 | type="cookie", |
---|
| 46 | validate_key="thisMightBeChanged", |
---|
| 47 | ) |
---|
| 48 | |
---|
| 49 | @grok.subscribe(IDatabaseOpenedWithRootEvent) |
---|
| 50 | def set_beaker_conf(event): |
---|
| 51 | # Set beaker conf once when ZODB was opened |
---|
| 52 | try: |
---|
| 53 | from dolmen.beaker.interfaces import ISessionConfig |
---|
| 54 | except ImportError: |
---|
| 55 | # we seem to work without dolmen.beaker |
---|
| 56 | return |
---|
| 57 | |
---|
| 58 | config = getUtility(ISessionConfig) |
---|
| 59 | config.update(BEAKER_CONFIG) |
---|
| 60 | return |
---|