Friday, March 30, 2018

Re: Decoupling Postgres database credentials in django for deployment.

You're perfectly right about the "500 Error + DEBUG" case.

One solution is to set DEBUG to off by default, and turn it on in code in the settings module on detecting that the app is executing in a dev or Q&A environment. Depending on your context, this can be done with rules based on the host name or some other properties of the target systems.

Best

Eric


From: django-users@googlegroups.com <django-users@googlegroups.com> on behalf of Bill Torcaso <torcasobill@gmail.com>
Sent: Friday, March 30, 2018 4:50:02 PM
To: Django users
Subject: Re: Decoupling Postgres database credentials in django for deployment.
 

I have a concern about using environment variables to hold secret information, and an opinion about it.

IF

DEBUG is enabled, and there is a 500 server internal error, and the default 500 template is used to render the response,

THEN

all of your secret information is shown in the browser output.

Of course, DEBUG should never be enabled in production. But a single human error might make it happen.

I would prefer to trust GitHub security and long passwords than to think I am infallible about setting DEBUG.

Note that this is certainly what happens when I run on a Vagrant VM, and I think it would be the same in a Docker-like container.




On Thursday, March 29, 2018 at 4:24:40 PM UTC-4, prince gosavi wrote:
Hi,
I have made a Django project and want to deploy it on the cloud.
Before that I want to decouple all the private information.
I want to decouple the database info too, like the username, password, etc.
Any help is appreciated.
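
The approach from the top reply (DEBUG off by default, enabled only on recognised dev/QA hosts), combined with database credentials read from the environment, as an added example that is not part of the thread. The host name patterns, the `DB_*` variable names and the helper names are assumptions.

```python
import os
import socket
from fnmatch import fnmatch

# Hypothetical allowlist of dev/QA host name patterns (assumption, adapt to your hosts).
DEV_HOST_PATTERNS = ("dev-*", "qa-*", "*.local")


def resolve_debug(hostname, patterns=DEV_HOST_PATTERNS):
    """Return True only when the host name matches the dev/QA allowlist.

    Anything else, including an empty or unknown host name, leaves DEBUG off.
    """
    name = (hostname or "").lower()
    return any(fnmatch(name, pattern) for pattern in patterns)


def database_config(env):
    """Build the DATABASES['default'] dict from environment-style variables.

    Raises instead of falling back to a credential stored in the code base.
    """
    required = ("DB_NAME", "DB_USER", "DB_PASSWORD")  # assumed variable names
    missing = [key for key in required if not env.get(key)]
    if missing:
        raise RuntimeError("missing database settings: " + ", ".join(missing))
    return {
        "ENGINE": "django.db.backends.postgresql",
        "NAME": env["DB_NAME"],
        "USER": env["DB_USER"],
        "PASSWORD": env["DB_PASSWORD"],
        "HOST": env.get("DB_HOST", "localhost"),
        "PORT": env.get("DB_PORT", "5432"),
    }


def build_settings(hostname, env):
    """Compute the two settings discussed in the thread for one host."""
    return {
        "DEBUG": resolve_debug(hostname),
        "DATABASES": {"default": database_config(env)},
    }

# In settings.py:
#   globals().update(build_settings(socket.gethostname(), os.environ))
```

With this layout a host that is not on the allowlist can never run with DEBUG on, whatever its environment variables contain.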
