On Sunday, January 22, 2017 at 5:16:36 PM UTC-8, Dave S wrote: > > On Sunday, January 22, 2017 at 4:43:56 PM UTC-8, Alex Glaros wrote: >> >> I assume that the key is meant to be unique for each app and that the >> example key above is just a sample. >> >> key = 'asdsaddasdasdas' >> >> (1) How to select/generate a key and (2) if key exists in plain text on >> my open source app, then I have to replace it with a dummy key in gitHub so >> whoever downloads and uses the code from my app cannot decipher my data if >> they steal the database, correct? >> >> thanks to Niphlod for the example, works great. >> >> Alex Glaros >> > > > I take it you saw the recent report on how many projects have exposed keys > for their backdoors, kept in github, eh? > > I would move the key to the myapp/private/appconfig.ini file and read it > in at runtime, say in db.py. > > <URL:http://www.computerworld.com/article/3158494/security/access-tokens-and-keys-found-in-hundreds-of-android-apps.html> <URL:http://windowsitpro.com/security/truffle-hog-finds-security-keys-hidden-github-code>
/dps -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
