I actually have a production_settings.py file that only exists on my
server, is not part of version control, and is only readable by the
Apache user.
It consists of:
from settings import *
DEBUG = False
DATABASE_NAME = blah
DATABASE_USER = blah
DATABASE_PASSWORD = blah
SECRET_KEY = blah
where the latter two are constructed using a random password generator
and, in my case, are 20 and 50 characters each.
I then point to production_settings as my DJANGO_SETTINGS_MODULE for
mod_python and the production settings overwrite the settings that I
use for production.
Todd
On 11/1/07, Carl Karsten <[EMAIL PROTECTED]> wrote:
>
> Given that some settings.py files get shared/posted/uploaded to code.google,
> etc. it seems this should not be in there by default:
>
> # Make this unique, and don't share it with anybody.
> SECRET_KEY = 'foo!'
>
> I am sure there are already a dozen or so good solutions to this problem,
> plus mine:
>
> SECRET_KEY_file_name = os.path.expanduser('~/.secret')
> try:
> SECRET_KEY_file = open(SECRET_KEY_file_name,'r')
> SECRET_KEY = SECRET_KEY_file.read().strip()
> except IOError:
> # if the file doesn't exist, gen a key and save it to the file.
> from random import choice
> SECRET_KEY_file = open(SECRET_KEY_file_name,'w')
> SECRET_KEY =
> ''.join([choice('[EMAIL PROTECTED]&*(-_=+)') for i in
> range(50)])
> SECRET_KEY_file.write( SECRET_KEY )
> finally:
> SECRET_KEY_file.close()
>
> let the code war begin.
>
> Carl K
>
> >
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
