Re: secret api keys

[Michael Rohan]

Hi,

This is one of the drivers for my package:

https://django-yamlconf.readthedocs.io/en/latest/

Externalize setting values to yaml files.

Take care,
Michael

On Wed, Oct 26, 2022 at 9:45 PM Mike Dewhirst  wrote:

> On 27/10/2022 3:32 pm, Mike Dewhirst wrote:
>
> Not a dumb question but frequently asked.
>
> There are two approaches - one is to export your secrets as environment
> vars and read them from there. The other is to keep them in disk files and
> read them as required.
>
> In both cases the idea is to keep secrets out of your code and thus out of
> your repo.
>
> I prefer the latter approach.
>
>
> Further to that, the secrets are consumed by your code on the server which
> constructs html from a template rendered with values inserted by your code
> and sends that all to the browser which made the request.
>
> So if you don't include your secrets in your constructed html they won't
> appear in the browser and will remain secret.
>
> My preferred approach (above) is only secure if the files containing the
> secrets are stored on the server in a location accessible to the web server
> (Apache perhaps in your case) but access is denied to a browser.
>
> In my case, I use a "creds" directory which satisfies that scenario.
>
>
> Cheers
>
> Mike
>
>  Original message 
> From: john fabiani  
> Date: 27/10/22 02:09 (GMT+10:00)
> To: django-users@googlegroups.com
> Subject: secret api keys
>
> Hi,
>
> Maybe a dumb question but if I add secret keys in my settings.py file
> (or should it be placed) will they be protected from the front end side
> (the part that is displayed to the user of the website).
>
> For example I have a secret key to access Authorize Net.  Will it be
> protected from someone opening the website and using chrome to see the
> source?
>
> Johnf
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/eeb82d0a-f18d-c253-a613-24c685307f41%40jfcomputer.com
> .
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/6068b999-3cca-f4e3-cb58-493e08800187%40dewhirst.com.au
> 
> .
>
>
>
> --
> Signed email is an absolute defence against phishing. This email has
> been signed with my private key. If you import my public key you can
> automatically decrypt my signature and be sure it came from me. Just
> ask and I'll send it to you. Your email software can handle signing.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/51795697-9488-777d-a2de-53517c3e8f46%40dewhirst.com.au
> 
> .
>


-- 
Michael Rohan
mro...@acm.org

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CAOCsNFjA_5G6SgVtquiqAxxMp0yOaiKE67fuVZ%2BSCN9%2B9Q1mQQ%40mail.gmail.com.

Re: secret api keys

[Mike Dewhirst]

On 27/10/2022 3:32 pm, Mike Dewhirst wrote:

Not a dumb question but frequently asked.

There are two approaches - one is to export your secrets as 
environment vars and read them from there. The other is to keep them 
in disk files and read them as required.


In both cases the idea is to keep secrets out of your code and thus 
out of your repo.


I prefer the latter approach.


Further to that, the secrets are consumed by your code on the server 
which constructs html from a template rendered with values inserted by 
your code and sends that all to the browser which made the request.


So if you don't include your secrets in your constructed html they won't 
appear in the browser and will remain secret.


My preferred approach (above) is only secure if the files containing the 
secrets are stored on the server in a location accessible to the web 
server (Apache perhaps in your case) but access is denied to a browser.


In my case, I use a "creds" directory which satisfies that scenario.



Cheers

Mike

 Original message 
From: john fabiani 
Date: 27/10/22 02:09 (GMT+10:00)
To: django-users@googlegroups.com
Subject: secret api keys

Hi,

Maybe a dumb question but if I add secret keys in my settings.py file
(or should it be placed) will they be protected from the front end side
(the part that is displayed to the user of the website).

For example I have a secret key to access Authorize Net.  Will it be
protected from someone opening the website and using chrome to see the
source?

Johnf

--
You received this message because you are subscribed to the Google 
Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/eeb82d0a-f18d-c253-a613-24c685307f41%40jfcomputer.com.


--
You received this message because you are subscribed to the Google 
Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/6068b999-3cca-f4e3-cb58-493e08800187%40dewhirst.com.au 
.



--
Signed email is an absolute defence against phishing. This email has
been signed with my private key. If you import my public key you can
automatically decrypt my signature and be sure it came from me. Just
ask and I'll send it to you. Your email software can handle signing.

--
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/51795697-9488-777d-a2de-53517c3e8f46%40dewhirst.com.au.


OpenPGP_signature
Description: OpenPGP digital signature

secret api keys

[Mike Dewhirst]

Not a dumb question but frequently asked.

There are two approaches - one is to export your secrets as environment 
vars and read them from there. The other is to keep them in disk files 
and read them as required.


In both cases the idea is to keep secrets out of your code and thus out 
of your repo.


I prefer the latter approach.

Cheers

Mike

 Original message 
From: john fabiani 
Date: 27/10/22 02:09 (GMT+10:00)
To: django-users@googlegroups.com
Subject: secret api keys

Hi,

Maybe a dumb question but if I add secret keys in my settings.py file
(or should it be placed) will they be protected from the front end side
(the part that is displayed to the user of the website).

For example I have a secret key to access Authorize Net.  Will it be
protected from someone opening the website and using chrome to see the
source?

Johnf

--
You received this message because you are subscribed to the Google 
Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/eeb82d0a-f18d-c253-a613-24c685307f41%40jfcomputer.com.


--
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/6068b999-3cca-f4e3-cb58-493e08800187%40dewhirst.com.au.


OpenPGP_signature
Description: OpenPGP digital signature

Resources to learn

[Nitesh Mint]

I am new to Django and i have some basic knowledge of it. I completed a 
book: Django for beginners. Now i need some help with resources to follow 
and some great projects ideas to help me learn more. Please provide me some 
links or any resources to learn with.
Note: no Youtube !

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/325e8416-1b3d-4d8a-9f7d-579cb197f8f8n%40googlegroups.com.

Hello, why am I getting this error

[Samuel Nzola]

Page not found (404)
Request Method:
GET
Request URL:
http://127.0.0.1:8000/delete-room/6/%3E

Using the URLconf defined in studybud.urls, Django tried these URL 
patterns, in this order:

   1. admin/
   2. [name='home']
   3. room// [name='room']
   4. create-room/ [name='create-room']
   5. update-room// [name='update-room']
   6. delete-room// [name='delete-room']

The current path, delete-room/6/>, didn’t match any of these.



here is my url.py in my project
from django.urls import URLPattern, path, include
from . import views

urlpatterns=[
path('', views.home, name='home'),
path('room//', views.room, name="room"),
path('create-room/', views.createRoom, name="create-room"),
path('update-room//', views.updateRoom, name="update-room"),
path('delete-room//', views.deleteRoom, name="delete-room"),
]

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/8139e6f0-5a65-4303-951e-bc182be546cdn%40googlegroups.com.

Re: Does not displayed radio button in tutorial04

[Snsk Mats]

Hi Member,

I solved this problem. I missed some of the content of the following
sections.

https://docs.djangoproject.com/en/4.1/intro/tutorial02/#playing-with-the-api

In particular, the following statements.

# Create three choices.
>>> q.choice_set.create(choice_text='Not much', votes=0)

>>> q.choice_set.create(choice_text='The sky', votes=0)

>>> c = q.choice_set.create(choice_text='Just hacking again', votes=0)

Thanks!


2022年9月12日(月) 3:49 Mats :

> Hi, Member
>
> I am going through the tutorial at docs.djangoproject.com." I am
> implementing a form in "Writing your first Django app, part 4" but when I
> enter the code as per the tutorial, the radio buttons on the form do not
> appear.
>
> https://docs.djangoproject.com/en/4.1/intro/tutorial04/
>
> I think it is because the contents of the fieldset element are not being
> rendered, but why is this happening? I am running django 4.1, latest
> version of Chrome.
>
> The source code of the displayed page is as follows:
>
> 
>  value="Kt8oNcQx8e6fFF2JAxUOqGDVXAwRis8IiRs6B8kx33u3lNAFD6pH1k9fdYAHR8Zr">
> 
> Whats up
>
>
> 
> 
> 
> return index
>
> 
> Mats
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/0af1422e-69f4-43b7-9cf6-6e78cd4df256n%40googlegroups.com
> 
> .
>


-- 
shi...@gmail.com - snsk

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CAF67J8p%2BZex71JuvszsH-q6z-8b8V1ioWm69Y5fVcgsVHmOkyw%40mail.gmail.com.

Re: secret api keys

[Muhammad Juwaini Abdul Rahman]

People can't see it straight away.

However, let's say if you forgot to set debut = False, they can see it. Not
straight away, but very trivial.

It is advisable to put your secret keys in external file (.env for example)
and use library like django-environ to get the value.

On Wed, 26 Oct 2022 at 23:09, john fabiani  wrote:

> Hi,
>
> Maybe a dumb question but if I add secret keys in my settings.py file
> (or should it be placed) will they be protected from the front end side
> (the part that is displayed to the user of the website).
>
> For example I have a secret key to access Authorize Net.  Will it be
> protected from someone opening the website and using chrome to see the
> source?
>
> Johnf
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/eeb82d0a-f18d-c253-a613-24c685307f41%40jfcomputer.com
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CAFKhtoSOzw7DcJmnXOrszXrv5OZ9Dt%2BJ%3D%2BAQaJhGczGL3-e%3DQQ%40mail.gmail.com.

Re: how to connect mongodb in my project,

['Kasper Laudrup' via Django users]

On 26/10/2022 16.52, pythoon r wrote:
please help me,i've one requirement (project) django with mongodb.how to 
connect mongo to django .i was tried some method i cant connect

how to config mongoengine,django-mongo-engine in my settings.py file



https://www.mongodb.com/compatibility/mongodb-and-django

Kind regards,

Kasper Laudrup

--
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/dbf74873-192b-5e9c-f664-3d90b476b225%40stacktrace.dk.


OpenPGP_0xE5D9CAC64AAA55EB.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: how to connect mongodb in my project,

[Lakshyaraj Dash]

Postgresql is similar to MySQL (phpMyAdmin) database with some more
advanced features.

On Wed, Oct 26, 2022, 20:43 pythoon r  wrote:

> please help me,i've one requirement (project) django with mongodb.how to
> connect mongo to django .i was tried some method i cant connect
> how to config mongoengine,django-mongo-engine in my settings.py file
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/6ae0bef8-04ee-43c2-85b7-58c7031e692bn%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CAF7qQgDN2GehMMs2DZrM6MODvJV8ZitFDVqaF3ULii6HNeQKcw%40mail.gmail.com.

Re: how to connect mongodb in my project,

[Lakshyaraj Dash]

I would prefer postgresql more thn mongodb because it's easier to use
postgresql if you have a little knowledge of SQL commands and on the other
hand you need json objects to deal with mongodb.

Leaving all of the above content, there's a package called djongo you can
use. But it has many issues like basic crud operations issue.

I would prefer postgresql more than mongodb to you.

On Wed, Oct 26, 2022, 20:43 pythoon r  wrote:

> please help me,i've one requirement (project) django with mongodb.how to
> connect mongo to django .i was tried some method i cant connect
> how to config mongoengine,django-mongo-engine in my settings.py file
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/6ae0bef8-04ee-43c2-85b7-58c7031e692bn%40googlegroups.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CAF7qQgDFJsqXd6wyPrWJ6vxsQxkvW5KF4P739D0%2B5_-edbum5Q%40mail.gmail.com.

how to connect mongodb in my project,

[pythoon r]

please help me,i've one requirement (project) django with mongodb.how to 
connect mongo to django .i was tried some method i cant connect 
how to config mongoengine,django-mongo-engine in my settings.py file

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/6ae0bef8-04ee-43c2-85b7-58c7031e692bn%40googlegroups.com.

Re: secret api keys

[Lakshyaraj Dash]

No one can see your secret keys. It's a far thought, no can can see on what
language you server side is written in.

On Wed, Oct 26, 2022, 20:39 john fabiani  wrote:

> Hi,
>
> Maybe a dumb question but if I add secret keys in my settings.py file
> (or should it be placed) will they be protected from the front end side
> (the part that is displayed to the user of the website).
>
> For example I have a secret key to access Authorize Net.  Will it be
> protected from someone opening the website and using chrome to see the
> source?
>
> Johnf
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/eeb82d0a-f18d-c253-a613-24c685307f41%40jfcomputer.com
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CAF7qQgAdG5_Hh1oP6jw1wwMBwNw9-kxpp7yjGom-VPxTKA8P%3DA%40mail.gmail.com.

secret api keys

[john fabiani]

Hi,

Maybe a dumb question but if I add secret keys in my settings.py file 
(or should it be placed) will they be protected from the front end side 
(the part that is displayed to the user of the website).


For example I have a secret key to access Authorize Net.  Will it be 
protected from someone opening the website and using chrome to see the 
source?


Johnf

--
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/eeb82d0a-f18d-c253-a613-24c685307f41%40jfcomputer.com.