Wednesday, October 26, 2022

Re: secret api keys

If you set debug=true, that's show only errors in url, views, and templates. Have no chance to show your secret key, which you placed in settings.py file.

On Thu, 27 Oct, 2022, 5:04 am Muhammad Juwaini Abdul Rahman, <juwaini@gmail.com> wrote:
People can't see it straight away. 

However, let's say if you forgot to set debut = False, they can see it. Not straight away, but very trivial.

It is advisable to put your secret keys in external file (.env for example) and use library like django-environ to get the value.

On Wed, 26 Oct 2022 at 23:09, john fabiani <johnf@jfcomputer.com> wrote:
Hi,

Maybe a dumb question but if I add secret keys in my settings.py file
(or should it be placed) will they be protected from the front end side
(the part that is displayed to the user of the website).

For example I have a secret key to access Authorize Net.  Will it be
protected from someone opening the website and using chrome to see the
source?

Johnf

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/eeb82d0a-f18d-c253-a613-24c685307f41%40jfcomputer.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAFKhtoSOzw7DcJmnXOrszXrv5OZ9Dt%2BJ%3D%2BAQaJhGczGL3-e%3DQQ%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/CAGw%2B2wJgyYB-9zD5ccs%3Daoq0R--94AtdrZvweCYm1oeomPMWsA%40mail.gmail.com.

No comments:

Post a Comment