All you should do is have production settings as default - all settings (like DEBUG) should be set the way you use them in production. Then you have a local setting on your development machine - that should enable DEBUG and also NEVER be stored in the repository.
Development settings should not be stored as defaults in settings.py.
Med vänliga hälsningar,
Andréas
2018-03-30 18:09 GMT+02:00 Phang Mulianto <braveh4rt@gmail.com>:
I agree to set debug to false in your production configuration file. Never debug on production setup.If need enable debug on, use in staging environment or with different django configuration files.To view this discussion on the web visit https://groups.google.com/d/--On Fri, 30 Mar 2018 23:52 PASCUAL Eric, <eric.pascual@cstb.fr> wrote:--You're perfectly right about the "500 Error + DEBUG" case.
One solution is to set DEBUG to off by default, and turn it on by code in the setting module if detecting that the app is executing in a dev or Q&A environment. Depending on your context, this can be done with rules based on the host name or some other properties of the target systems.
Best
Eric
From: django-users@googlegroups.com <django-users@googlegroups.com> on behalf of Bill Torcaso <torcasobill@gmail.com>
Sent: Friday, March 30, 2018 4:50:02 PM
To: Django users
Subject: Re: Decoupling Postgres database credentials in django for deployment.--I have a concern about using environment variables to hold secret information, and an opinion about it.
IF
DEBUG is enabled, and there is a 500 server internal error, and the default 500 template is used to render the response,
THEN
all of your secret information is shown in the browser output
Of course, DEBUG should never be enabled in production. But a single human error might make it happen.
I would prefer to trust Github security and long passwords than to think I am infallible about setting DEBUG.
Note that this is certainly what happens when I run on a Vagrant VM, and I think it would be the same in a Docker-like container.
On Thursday, March 29, 2018 at 4:24:40 PM UTC-4, prince gosavi wrote:Hi,
I have made a django project and want to deploy it on cloud.
Before that i want to decouple all the private information.
I want to decouple the database info too, like the username password etc.
Any help is appreciated.
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com .
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users .
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/f5a1498a- .3383-4219-b10e-e3e64f164658% 40googlegroups.com
For more options, visit https://groups.google.com/d/optout .
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com .
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users .
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/ .DB7P193MB03311541D366207EF7606 9C28CA10%40DB7P193MB0331. EURP193.PROD.OUTLOOK.COM
For more options, visit https://groups.google.com/d/optout .
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com .
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users .msgid/django-users/CA% .2BSr5mTee6UdLUqXUnr8Pz1HNp5YTL %2BMME3-gjp_Mc-Q2CNJNQ%40mail. gmail.com
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAK4qSCfcU1YiYTH3Ehrav_Qg_%2BCFBCmYAoDko6jTf-dpD%2BQZ5A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment