IF
DEBUG is enabled, and there is a 500 server internal error, and the default 500 template is used to render the response,
THEN
all of your secret information is shown in the browser output
Of course, DEBUG should never be enabled in production. But a single human error might make it happen.
I would prefer to trust Github security and long passwords than to think I am infallible about setting DEBUG.
Note that this is certainly what happens when I run on a Vagrant VM, and I think it would be the same in a Docker-like container.
On Thursday, March 29, 2018 at 4:24:40 PM UTC-4, prince gosavi wrote:
Hi,
I have made a django project and want to deploy it on cloud.
Before that i want to decouple all the private information.
I want to decouple the database info too, like the username password etc.
Any help is appreciated.
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/f5a1498a-3383-4219-b10e-e3e64f164658%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment