I actually have a production_settings.py file that only exists on my server, is not part of version control, and is only readable by the Apache user.
It consists of: from settings import * DEBUG = False DATABASE_NAME = blah DATABASE_USER = blah DATABASE_PASSWORD = blah SECRET_KEY = blah where the latter two are constructed using a random password generator and, in my case, are 20 and 50 characters each. I then point to production_settings as my DJANGO_SETTINGS_MODULE for mod_python and the production settings overwrite the settings that I use for production. Todd On 11/1/07, Carl Karsten <[EMAIL PROTECTED]> wrote: > > Given that some settings.py files get shared/posted/uploaded to code.google, > etc. it seems this should not be in there by default: > > # Make this unique, and don't share it with anybody. > SECRET_KEY = 'foo!' > > I am sure there are already a dozen or so good solutions to this problem, > plus mine: > > SECRET_KEY_file_name = os.path.expanduser('~/.secret') > try: > SECRET_KEY_file = open(SECRET_KEY_file_name,'r') > SECRET_KEY = SECRET_KEY_file.read().strip() > except IOError: > # if the file doesn't exist, gen a key and save it to the file. > from random import choice > SECRET_KEY_file = open(SECRET_KEY_file_name,'w') > SECRET_KEY = > ''.join([choice('[EMAIL PROTECTED]&*(-_=+)') for i in > range(50)]) > SECRET_KEY_file.write( SECRET_KEY ) > finally: > SECRET_KEY_file.close() > > let the code war begin. > > Carl K > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---