in the name of security, we should really put the secret key in a file that is added to our git-ignore
we should all ensure we have a copy of the secret key file and understand how it is read in
this issue being resolved means that the secret key will no longer be accessible through the github repo.
this also means we cannot have the current key present in any past commits, so we will need to change it.
and then from settings.py we should access it by reading it in from a file, I think.
there may be better, even more secure solutions to this.
at best, it is bad practice.
at worst, it could put users at risk
it was my mistake initially, it was included in the first django pull request.
my bad y'all.
low priority instead of high, despite it being a huge security flaw, due to:
we have many things to work on
we are our only users at the moment
with port forwarding being tabled for the moment, no outside connections are actually possible (for now)
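
One way to do what the issue above proposes, as an added example that is not part of the original post or the project's code: settings.py reads the key from a git-ignored file and refuses to start if the file is missing, readable by other users, too short, or still holds a key that was committed. The file name `secret_key.txt`, the helper names and the 50-character minimum are assumptions.

```python
# Added example, not the project's code. Assumed names: secret_key.txt,
# load_secret_key, write_new_key.
import os
import secrets
import stat
from pathlib import Path


class SecretKeyError(RuntimeError):
    """The key file is missing, too widely readable, too short, or retired."""


def write_new_key(path):
    """Create a fresh key file with mode 0600; never overwrites an existing file."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(secrets.token_urlsafe(64))  # 86 URL-safe characters


def load_secret_key(path, min_length=50, retired_keys=()):
    """Return the key stored at `path`, raising SecretKeyError instead of falling back."""
    key_file = Path(path)
    try:
        mode = key_file.stat().st_mode
    except FileNotFoundError:
        raise SecretKeyError(f"{key_file} is missing; it is not in the repo by design") from None
    # On POSIX, refuse a key that group or other users on the host can access.
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise SecretKeyError(f"{key_file} is accessible to group/other; chmod 600 it")
    key = key_file.read_text(encoding="utf-8").strip()
    if len(key) < min_length:
        raise SecretKeyError(f"{key_file} holds fewer than {min_length} characters")
    # A key that ever appeared in a commit stays in git history, so reject it.
    if key in retired_keys:
        raise SecretKeyError("this key was committed to the repo and must be rotated")
    return key


# In settings.py (BASE_DIR comes from Django's project template):
#   SECRET_KEY = load_secret_key(BASE_DIR / "secret_key.txt")
# In .gitignore:
#   secret_key.txt
```

Passing the old, committed key in `retired_keys` makes a stale copy of the file fail loudly on startup instead of silently keeping the exposed key in use.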