Comment 0 for bug 1755027

James Troup (elmo) wrote : local_settings.py is world readable and contains passwords

nobody@juju-a45617-0-lxd-4:/$ grep PASSWORD /etc/openstack-dashboard/local_settings.py
        'PASSWORD': 'yNXwml0TXuWjcW19jDzE49IiohSIMY',
#EMAIL_HOST_PASSWORD = 'top-secret!'
#OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False
OPENSTACK_ENABLE_PASSWORD_RETRIEVE = True
#ENFORCE_PASSWORD_CHECK = False
nobody@juju-a45617-0-lxd-4:/$

Needless to say, I should not be able to see passwords as 'nobody'.

This is on a customer site, but I've reproduced at least the world readableness with a fresh deploy of cs:openstack-dashboard locally.
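
One way to check for the condition reported above, as an added example that is not part of the original report or of the charm's code. The function names, the `SECRET_KEY` pattern, the constructed sample file and the 0640 mode used for the passing case are assumptions for illustration.

```shell
#!/bin/sh
# Added example: flag a settings file that is readable by "other" AND holds
# live (uncommented) credential settings, as in the grep output in the report.

# Print uncommented credential-like settings with their values masked.
live_secrets() {
    grep -Ev '^[[:space:]]*#' "$1" |
        grep -E "(PASSWORD|SECRET_KEY)['\"]?[[:space:]]*[:=][[:space:]]*['\"]" |
        sed -E "s/([:=][[:space:]]*['\"]).*/\1<masked>/"
}

# True when the "other" read bit (004) is set in the file mode.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 -print 2>/dev/null)" ]
}

# Returns 0 if acceptable, 1 if world-readable with live secrets, 2 if missing.
audit_settings() {
    f=$1
    [ -f "$f" ] || { echo "MISSING $f"; return 2; }
    secrets=$(live_secrets "$f")
    if world_readable "$f" && [ -n "$secrets" ]; then
        echo "FAIL $f: readable by 'other' and contains:"
        echo "$secrets"
        return 1
    fi
    echo "OK $f"
}

# Constructed sample modelled on the report's grep output (placeholder value).
make_sample() {
    cat > "$1" <<'EOF'
DATABASES = {
    'default': {
        'PASSWORD': 'constructed-example-value',
    }
}
#EMAIL_HOST_PASSWORD = 'top-secret!'
OPENSTACK_ENABLE_PASSWORD_RETRIEVE = True
EOF
}

tmp=$(mktemp)
make_sample "$tmp"
chmod 644 "$tmp"; audit_settings "$tmp" || echo "-> exit $?"   # flagged
chmod 640 "$tmp"; audit_settings "$tmp"                        # passes
rm -f "$tmp"
```

On a deployed unit the same function would be pointed at `/etc/openstack-dashboard/local_settings.py`.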