I have a concern about using environment variables to hold secret information, and an opinion about it.
IF DEBUG is enabled, and there is a 500 server internal error, and the default 500 template is used to render the response, THEN *all of your secret information is shown in the browser output*.

Of course, DEBUG should never be enabled in production. But a single human error might make it happen. I would prefer to trust GitHub security and long passwords than to think I am infallible about setting DEBUG.

Note that this is certainly what happens when I run on a Vagrant VM, and I think it would be the same in a Docker-like container.

On Thursday, March 29, 2018 at 4:24:40 PM UTC-4, prince gosavi wrote:
>
> Hi,
> I have made a Django project and want to deploy it on cloud.
> Before that I want to decouple all the private information.
> I want to decouple the database info too, like the username, password etc.
> Any help is appreciated.
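
An added example, not part of the original post or of Django itself: one way to guard against the single mistake described above is to make DEBUG fail closed and to remove secrets from the environment mapping once they have been read. The variable names (`DJANGO_SECRET_KEY`, `DB_USER`, `DB_PASSWORD`, `DJANGO_DEBUG`, `DEPLOY_ENV`) and both helper functions are assumptions made for this sketch.

```python
import os

# Hypothetical variable names for this sketch; the thread names none.
SECRET_NAMES = ("DJANGO_SECRET_KEY", "DB_USER", "DB_PASSWORD")
TRUTHY = {"1", "true", "yes", "on"}


def take_secrets(environ, names=SECRET_NAMES):
    """Read each secret, then delete it from the environment mapping.

    Code that dumps this mapping later no longer finds the values.
    Copies of the environment taken earlier are not affected.
    """
    missing = [n for n in names if not environ.get(n)]
    if missing:
        # Report names only, never values.
        raise RuntimeError("missing required settings: " + ", ".join(missing))
    return {n: environ.pop(n) for n in names}


def debug_enabled(environ):
    """DEBUG is off unless explicitly requested, and refused in production."""
    wanted = environ.get("DJANGO_DEBUG", "").strip().lower() in TRUTHY
    # An unset DEPLOY_ENV is treated as production, so forgetting it is safe.
    tier = environ.get("DEPLOY_ENV", "production").strip().lower()
    if wanted and tier == "production":
        raise RuntimeError("DJANGO_DEBUG is set but DEPLOY_ENV is production")
    return wanted


if __name__ == "__main__":
    # Constructed sample environment; in settings.py this would be os.environ.
    env = {
        "DJANGO_SECRET_KEY": "constructed-key",
        "DB_USER": "app",
        "DB_PASSWORD": "constructed-password",
        "DJANGO_DEBUG": "true",
        "DEPLOY_ENV": "development",
        "PATH": "/usr/bin",
    }
    secrets = take_secrets(env)
    print("DEBUG =", debug_enabled(env))
    print("left in environment:", sorted(env))
```

In a settings module the two calls would be `SECRETS = take_secrets(os.environ)` and `DEBUG = debug_enabled(os.environ)`, so a stray `DJANGO_DEBUG=true` on a production host stops startup instead of enabling the debug page.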

