Saturday, March 31, 2018

Re: Decoupling Postgres database credentials in django for deployment.

How is github "security" going to help you keep your passwords safe and why is this better than ENV variables (which most of use without any problems).?

On Friday, 30 March 2018 16:50:03 UTC+2, Bill Torcaso wrote:

I have a concern about using environment variables to hold secret information, and an opinion about it.  

IF

DEBUG is enabled, and there is a 500 server internal error, and the default 500 template is used to render the response, 

THEN

all of your secret information is shown in the browser output

Of course, DEBUG should never be enabled in production.  But a single human error might make it happen. 

I would prefer to trust Github security and long passwords than to think I am infallible about setting DEBUG. 

Note that this is certainly what happens when I run on a Vagrant VM, and I think it would be the same in a Docker-like container.




On Thursday, March 29, 2018 at 4:24:40 PM UTC-4, prince gosavi wrote:
Hi,
I have made a django project and want to deploy it on cloud.
Before that i want to decouple all the private information.
I want to decouple the database info too, like the username password etc.
Any help is appreciated.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/cea076e8-4dcc-4c7e-a845-92f1d914b2c0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

No comments:

Post a Comment