Hi Uri,
Never expose whole settings anytime. settings is always includes sensitive data. At least DB access key and Django's secret value.
This attitude is highly vulnerable. Anyone could access those sensitive data via response headers if you don't play settings without cautious.
Saygılarımla,
Sencer HAMARATOn Fri, May 29, 2020 at 7:11 AM אורי <uri@speedy.net> wrote:
Django users,--There was a discussion in Stack Overflow related to an answer of mine - how to access settings from templates in Django [https://stackoverflow.com/a/53953578/1412564]. And I would like to know - is it generally unsafe to expose all my settings to templates and why? Should I use the updated answer and expose only specific settings to templates? Because if a hacker can change my templates, they can also change my .py files, and then they can give themselves any access they want to. So what is better - expose all my settings to templates or only specific settings which I consider safe?Thanks,Uri.אורי
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CABD5YeEmHtPHMKs7ub42eeTQR8_XfDUGwyCtn9XGmvZ0JyFfwQ%40mail.gmail.com.
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CACp8TZhg3ES2eaUaqP0GYAXyBiWW%2BzWgB2-QEJHX%3DQi13-C5BA%40mail.gmail.com.
No comments:
Post a Comment