On Thu, 2007-11-01 at 19:58 -0500, Carl Karsten wrote:
> James Bennett wrote:
> > On 11/1/07, Carl Karsten <[EMAIL PROTECTED]> wrote:
> >> Given that some settings.py files get shared/posted/uploaded to code.google,
> >> etc. it seems this should not be in there by default:
> >>
> >> # Make this unique, and don't share it with anybody.
> >> SECRET_KEY = 'foo!'
> > 
> > By the same token, then, the database settings shouldn't be in the
> > settings file ;)
> > 
> > (same goes for things like API keys, passwords for externally-accessed
> > services...)
> > 
> 
> Yeah, I sense an enhancement...
> 
> When you run django-admin.py startproject mysite a settings.py gets created with
> lots of stuff.  I am wondering if these should be pulled out:
> 
> SECRET_KEY = 'foo!'
> 
> DATABASE_ENGINE = ''
> DATABASE_NAME = ''
> DATABASE_USER = ''
> DATABASE_PASSWORD = ''
> DATABASE_HOST = ''
> DATABASE_PORT = ''
> 
> and put in local_settings.py or something along these lines.

No. Look, this whole thread is really a non-issue. If you're going to
post your settings file somewhere publicly, sanitise it! Otherwise
only post the portions you need to (which is what people normally do).
On your production machines, use normal permissions for access control.

View the whole settings file as something you don't just release
casually and then only post the bits you feel safe doing so. That is
absolutely normal configuration file practice.

Malcolm

-- 
How many of you believe in telekinesis? Raise my hand... 
http://www.pointy-stick.com/blog/
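
One way to do the sanitising step discussed in this thread before posting a settings file, as an added example that is not code from the thread or from Django. `SECRET_KEY` and `DATABASE_*` are the settings named above; the extra suffix patterns, the placeholder text and the sample file are assumptions made for illustration.

```python
import ast
import re

# SECRET_KEY and DATABASE_* are the settings named in the thread; the suffix
# patterns are an added assumption covering API keys and service passwords.
SENSITIVE = re.compile(r"^(SECRET_KEY|DATABASE_\w+)$|(PASSWORD|API_KEY|TOKEN)$")
PLACEHOLDER = "'<redacted>'"  # constructed marker, not a Django convention


def _sensitive_values(source):
    """Yield (name, value_node) for top-level assignments to sensitive names."""
    for node in ast.parse(source).body:
        if isinstance(node, ast.Assign):
            for target in node.targets:
                if isinstance(target, ast.Name) and SENSITIVE.search(target.id):
                    yield target.id, node.value


def sanitise_settings(source):
    """Return the settings source with sensitive values replaced by PLACEHOLDER."""
    # ast column offsets are UTF-8 byte offsets, so splice on bytes.
    lines = source.encode("utf-8").splitlines(keepends=True)
    spans = {(v.lineno, v.col_offset, v.end_lineno, v.end_col_offset)
             for _, v in _sensitive_values(source)}
    # Work bottom-up so earlier line numbers stay valid after each splice.
    for l1, c1, l2, c2 in sorted(spans, reverse=True):
        head, tail = lines[l1 - 1][:c1], lines[l2 - 1][c2:]
        lines[l1 - 1:l2] = [head + PLACEHOLDER.encode() + tail]
    return b"".join(lines).decode("utf-8")


def unsanitised_names(source):
    """List sensitive settings still holding a non-empty value other than PLACEHOLDER."""
    placeholder = ast.literal_eval(PLACEHOLDER)
    return [name for name, v in _sensitive_values(source)
            if not (isinstance(v, ast.Constant) and v.value in ("", placeholder))]


# Constructed sample in the shape of the thread's settings.py excerpt.
SAMPLE = '''# Make this unique, and don't share it with anybody.
SECRET_KEY = 'foo!'
DATABASE_ENGINE = 'postgresql'
DATABASE_PASSWORD = ("hunter2"
                     "-more")
TIME_ZONE = 'America/Chicago'
'''

if __name__ == "__main__":
    print(sanitise_settings(SAMPLE))
    print("still exposed:", unsanitised_names(sanitise_settings(SAMPLE)))
```

Running `unsanitised_names` on the text about to be posted gives a quick check that nothing matching the patterns was missed; secrets stored under other names or built at runtime are outside what it can see.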

