So the SECRET_KEY is stored in the database at syncdb time? What if it gets compromised, you need to modify that table/row? Just asking out of curiosity :-)
2013/6/20 John DeRosa <[email protected]> > When we run the development server locally, we often start with an > already-existing database. We don't re-initialize the db unless we have to, > because there's been a schema change or a change in the value stored in a > table's field. > > So we'd need SECRET_KEY to not change most of the time! > > John > > On Jun 20, 2013, at 8:29 AM, Michael Cetrulo <[email protected]> wrote: > > considering that the SECRET_KEY is automatically generated every time a > new project is created [1], wouldn't make more sense to have this logic on > settings.py and generate a new value when loading the app instead of saving > it as an actual hardcoded value there? eg: > > #settings.py > > from django.utils.crypto import get_random_string > chars = 'abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)' > SECRET_KEY = get_random_string(50, chars) > > is there any problems I'm not considering here? thanks. > > [1] > https://github.com/django/django/blob/master/django/core/management/commands/startproject.py > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/django-users. > For more options, visit https://groups.google.com/groups/opt_out. > > > > > -- > You received this message because you are subscribed to the Google Groups > "Django users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/django-users. > For more options, visit https://groups.google.com/groups/opt_out. > > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-users. For more options, visit https://groups.google.com/groups/opt_out.
