path: root/pkgs/development/python-modules/rangehttpserver
author: emilylange <git@emilylange.de> 2024-03-09 18:19:51 +0100
committer: Bjørn Forsman <bjorn.forsman@gmail.com> 2024-03-11 17:34:29 +0100
commit: 61a651e36286e1667afa73367465b09edcff6add (patch)
tree: 921abc6e85c52a80a0fefbea1bc17b203013ec61 /pkgs/development/python-modules/rangehttpserver
parent: bc3604ee35c8a7be4e219174411d1418d3787804 (diff)
nixos/lldap: bootstrap `jwt_secret` if not provided
If not provided, lldap defaults to `secretjwtsecret` as value, which is hardcoded in the code base.
See https://github.com/lldap/lldap/blob/v0.5.0/server/src/infra/configuration.rs#L76-L77

This is really bad, because it is trivially easy to generate an admin access token/cookie as an attacker, if a `jwt_secret` is known.
Diffstat (limited to 'pkgs/development/python-modules/rangehttpserver')
0 files changed, 0 insertions, 0 deletions
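
The bootstrap described in the commit message, as an added example that is not code from this commit or from nixpkgs: it creates a random secret only when none exists, and a separate check rejects the hardcoded default `secretjwtsecret`. The function names, the secret-file argument and the 32-character minimum are assumptions of this example.

```shell
#!/bin/sh
# Added illustration; not the NixOS module's code.
# Function names and the file-based layout are hypothetical.

# Hardcoded lldap default named in the commit message.
DEFAULT_JWT_SECRET='secretjwtsecret'

# Create a random secret at $1 only if no non-empty file exists there yet,
# so repeated service starts keep the same secret (idempotent).
bootstrap_jwt_secret() {
    secret_file=$1
    [ -s "$secret_file" ] && return 0
    (
        umask 077   # file is created 0600, never group/world-readable
        # 32 random bytes, hex-encoded to 64 characters
        dd if=/dev/urandom bs=32 count=1 2>/dev/null \
            | od -An -v -tx1 | tr -d ' \n' > "$secret_file.tmp"
        # Rename into place so a partial write never becomes the secret.
        mv "$secret_file.tmp" "$secret_file"
    )
}

# Return 0 if the secret in file $1 is acceptable; return 1 if it is
# missing, empty, equal to the hardcoded default, or too short.
check_jwt_secret() {
    secret_file=$1
    [ -s "$secret_file" ] || { echo "missing or empty: $secret_file" >&2; return 1; }
    secret=$(cat "$secret_file")
    if [ "$secret" = "$DEFAULT_JWT_SECRET" ]; then
        echo "hardcoded default secret in use: $secret_file" >&2
        return 1
    fi
    # 32 characters is an example threshold (assumption), not an lldap rule.
    [ "${#secret}" -ge 32 ] || { echo "secret too short: $secret_file" >&2; return 1; }
}
```
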