/11/2020 1:54 am, Kegan Ronholt wrote:
> > What is the best practice for hiding SECRET key in settings.py in
> > production. I am finding all sorts of different ways to do it, but
> > none seem to work.
>
> I keep it in a file left out of the repository but in a "stand
On 5/11/2020 1:54 am, Kegan Ronholt wrote:
> What is the best practice for hiding SECRET key in settings.py in
> production. I am finding all sorts of different ways to do it, but
> none seem to work.
I keep it in a file left out of the repository but in a "standard"
locati
/yesabhishek/
On Wed, Nov 4, 2020 at 8:30 PM Kegan Ronholt wrote:
> What is the best practice for hiding SECRET key in settings.py in
> production. I am finding all sorts of different ways to do it, but none
> seem to work.
>
>
> --
> You received this message because you
What is the best practice for hiding SECRET key in settings.py in
production. I am finding all sorts of different ways to do it, but none
seem to work.
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this grou
ictor
>> wrote:
>>
>>> Have you try googling your problem
>>>
>>> Victor
>>>
>>> On Sat, Sep 12, 2020, 9:34 AM dum dum wrote:
>>>
>>>> I tried to put my Django Secret Key in Environment Variables.
>>>>
>
is something wrong with my Django Project. I don't know
> what it is.
> Still tinkering.
>
>
> On Sat, Sep 12, 2020 at 9:38 PM Mbah Victor wrote:
>
>> Have you try googling your problem
>>
>> Victor
>>
>> On Sat, Sep 12, 2020, 9:34 AM dum
ictor
>
> On Sat, Sep 12, 2020, 9:34 AM dum dum wrote:
>
>> I tried to put my Django Secret Key in Environment Variables.
>>
>> SECRET_KEY = os.environ.get('SECRET_KEY')
>>
>> I did save the SECRET_KEY on env var windows 10 like this
>> [imag
Have you try googling your problem
Victor
On Sat, Sep 12, 2020, 9:34 AM dum dum wrote:
> I tried to put my Django Secret Key in Environment Variables.
>
> SECRET_KEY = os.environ.get('SECRET_KEY')
>
> I did save the SECRET_KEY on env var windows 10 like this
> [im
I tried to put my Django Secret Key in Environment Variables.
SECRET_KEY = os.environ.get('SECRET_KEY')
I did save the SECRET_KEY on env var windows 10 like this
[image: image.png]
When I tried to py manage.py runserver, I got this error
django.core.exceptions.ImproperlyConfi
gt;>
>>
>>
>>
>>
>>
>>
>>
>> On Thursday, 30 January 2020 12:41:01 UTC, Tom Moore wrote:
>>>
>>> Hi there, I'm following the guidelines by making sure the environment
>>> variables are stored outside of the setti
>
>
>
>
>
>
>
>
>
> On Thursday, 30 January 2020 12:41:01 UTC, Tom Moore wrote:
>>
>> Hi there, I'm following the guidelines by making sure the environment
>> variables are stored outside of the settings.py files.
>>
>> The proj
it. That helped me
>> a lot when I started out
>>
>> cheers
>> Chris
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> On Thursday, 30 January 2020 12:41:01 UTC, Tom Moore wrote:
>>>
>>> Hi there,
On 1/02/2020 2:24 am, Bill Torcaso wrote:
A couple of years ago I posted on this topic to say that using ENV
variables is dangerously subject to human error. If it ever happens
that (1) you put a server on the public internet with DEBUG on, and
(2) a visitor can provoke a 5xx server error re
A couple of years ago I posted on this topic to say that using ENV
variables is dangerously subject to human error. If it ever happens that
(1) you put a server on the public internet with DEBUG on, and (2) a
visitor can provoke a 5xx server error response, then all of your secrets
will be du
red outside of the settings.py files.
>>
>> The project is "dockerised" and so the environment variables have been
>> stored in files *docker-compose.yml* and *docker-compose-prod.yml*.
>>
>> This includes things like the project's secret key, API keys, an
so the environment variables have been
> stored in files *docker-compose.yml* and *docker-compose-prod.yml*.
>
> This includes things like the project's secret key, API keys, and database
> passwords.
>
> *My question is: *
> • Just because environment variables are stored i
nt). But we can change that at will as our scale needs evolve.
> This includes things like the project's secret key, API keys, and database
> passwords.
>
> *My question is: *
> • Just because environment variables are stored in .yml files, won't they
> be equally ins
things like the project's secret key, API keys, and database
passwords.
*My question is: *
• Just because environment variables are stored in .yml files, won't they
be equally insecure the moment I commit the project folder to a git repo
(and especially if I push that repo to GitHub)?
Oh you want to have false security.
First this has nothing to do with Django and it's secret key. You can use
any secret key in your case it would be user input. Also you can use any
cryptography algorithm to secure your data in the database.
And here is the problem - to make user exper
I encrypt several fields in Database. Now it's possible that a Hacker get
Database and settings.py. i want Maximum Security and i think when User at
Login Page Input Secret Key that ist optimal. Also i want AS SaaS No Access to
Data in database because Data ist high Security.
--
You rec
Hi.
What are you trying to do?
In other words why do you need to replace secret key by user input at login?
ke 10. heinäk. 2019 klo 8.54 Sebastian Jung
kirjoitti:
> Hello,
>
> I want in my Login Page a further field Secret Key. This Input ist
> replacement dir Secret Key in sett
Hello,
I want in my Login Page a further field Secret Key. This Input ist replacement
dir Secret Key in settings.py. Ist this possible? Can someone explain me how?
Regards
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubs
On 2014-05-21 16:44, Erik Romijn wrote:
> > Could you elaborate on how such remote-code execution would
> > happen?
>
> If you use Django's cookie-based sessions[1], knowledge of the
> SECRET_KEY allows an attacker to forge a cookie with session data.
> Forging sessions is bad enough, but if you
On 20 May 2014, at 22:27, Tim Chase wrote:
>> And yes, it is very important to keep it secret. The worst case
>> scenario for secret key leakage, in particular configurations, is
>> arbitrary remote code execution.
>
> Could you elaborate on how such remote-code executi
Hi Erik,
On Tue, May 20, 2014 at 8:34 PM, Erik Romijn wrote:
> ...
> If it were used for that, that would indeed be the scenario. Fortunately,
> it's not.
Good to know :)
> There is a current ticket open on documenting exactly this question:
> https://code.djangoproject.com/ticket/22310. I'd
Den 20/05/2014 kl. 20.40 skrev Henning Sprang :
> Also, if it should be kept secret, I guess it's safe to assume that
> using an online generator like
> https://djskgen.herokuapp.com/ is not the smartest idea one can come
> up with, right?
You can use any random string, but you could also install
are reset, and if using the cookie
> backend for form wizards, this may lead to exceptions.
>
> Also, any third party packages or any of your own code that uses
> the secret key may be affected. Notably not affected (in Django
> itself) are user passwords, and general content in the d
m wizards, this may lead to exceptions.
Also, any third party packages or any of your own code that uses the secret key
may be affected. Notably not affected (in Django itself) are user passwords,
and general content in the database.
> Also, if it should be kept secret, I guess it's safe to
Hi,
I developed quite a bit in Django already, but only now I am the first
time responsible for putting something into real production use.
So I work through the deployment checklist, and it says the secret key
must be kept super secret. One example shows how to set it as
environment variable
Yes because it takes the settings instance using the lazysettings.
On Tue, Mar 25, 2014 at 10:06 PM, François Schiettecatte <
fschietteca...@gmail.com> wrote:
> 110-130 milliseconds to 'import' something, sounds very suspect to me.
>
> François
>
> On Mar 25, 2014, at 12:08 PM, Errfan Wadia
> w
110-130 milliseconds to 'import' something, sounds very suspect to me.
François
On Mar 25, 2014, at 12:08 PM, Errfan Wadia wrote:
> Hi Daniel,
>
> When I try to get the SECRET_KEY from settings.py in one of the app, it takes
> around 110-130 millisec. Here I am talking about execution time.
>
Hi Daniel,
When I try to get the SECRET_KEY from settings.py in one of the app, it
takes around 110-130 millisec. Here I am talking about execution time.
On Tuesday, 25 March 2014 18:31:01 UTC+5:30, Daniel Roseman wrote:
>
> On Tuesday, 25 March 2014 06:36:53 UTC, Errfan Wadia wrote:
>>
>> Hi,
>
Hey Shai
it worked, reduced the time to 10 millisec from 120 millisec.
On Tuesday, 25 March 2014 17:48:12 UTC+5:30, Shai Efrati wrote:
>
> Hi Errfan,
> You can get the SECRET_KEY through the environment variables. Just use:
>
> from os import environ
> SECRET_KEY = environ.get('SECRET_KEY')
>
>
On Tuesday, 25 March 2014 06:36:53 UTC, Errfan Wadia wrote:
>
> Hi,
>
> I am using from django.conf import settings
> Is there any faster way to get the SECRET_KEY in one of my app from
> settings.py ?
>
What do you mean, faster? In what way is that slow?
--
DR.
--
You received this message be
Hi Errfan,
You can get the SECRET_KEY through the environment variables. Just use:
from os import environ
SECRET_KEY = environ.get('SECRET_KEY')
Good luck!
Shai.
On Tue, Mar 25, 2014 at 8:36 AM, Errfan Wadia wrote:
> Hi,
>
> I am using from django.conf import settings
> Is there any faster w
Hi,
I am using from django.conf import settings
Is there any faster way to get the SECRET_KEY in one of my app from
settings.py ?
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it,
the session e.g. depends on this key
regards
Hinnack
>reply to message:
>date: 09.03.2010 15:20:38
>from: "rebus_"
>to: django-users@googlegroups.com
>subject: Re: Secret key
>
>On 9 March 2010 15:16, Joan Miller wrote:
>> For what is used the key `SECRE
To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>
>
A secret key for this particular Django installation. Used to provide
a seed in secret-key h
For what is used the key `SECRET_KEY`?
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
On Wed, 2006-08-16 at 00:16 +, Seth Buntin wrote:
> This might be a stupid question (and maybe off topic) but what does the
> secret key do and why is it there?
If we told you it wouldn't be secret, now would it? Really... people
should think before asking these question..
On 8/16/06, Seth Buntin <[EMAIL PROTECTED]> wrote:
>
> This might be a stupid question (and maybe off topic) but what does the
> secret key do and why is it there?
>
It's used to deal with the password. Of cause the password is processed by MD5.
--
I like python!
My Blog
This might be a stupid question (and maybe off topic) but what does the
secret key do and why is it there?
--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, sen
42 matches
Mail list logo
