Lever-age / leverage

Empower citizens of Philadelphia to use campaign finance data when making informed decisions about who they donate to, who they support, and who they vote for.
http://leveragecampaignfinance.org/

DB password is in code #3

Closed ghost closed 8 years ago

ghost commented 8 years ago

We need to change the password of the demhack2016 user and not store it in code all over the repo.

BayoAdejare commented 8 years ago

This is actually a big security issue I intentionally left. To speed development I left the settings.py file in the repo; this includes the db password (and the secret key). After removal of the settings file including those in previous versions, we'll need to change the secret key and db password.

BayoAdejare commented 8 years ago

I added settings.py to .gitignore so the settings file is removed from the current version and is no longer tracked. It is still in previous versions but that does not matter as we're going to create a new secret key and db password.

ghost commented 8 years ago

Yeah, it's a problem in my code too--I definitely didn't want to single anybody out.

I've changed the password of the demhack2016 account in the DB. Anybody who has shell access to our server can get the new one in the file ~eamon/DBLOGIN.txt. I just confirmed that everything still works okay with the new password.

BayoAdejare commented 8 years ago

Thanks Eamon

ghost commented 8 years ago

I don't want to forget to make changes in the analysis stuff.

ghost commented 8 years ago

Fixed all of the R scripts outside the preprocessing stuff, as these are meant to be run once.

The preprocessing stuff still lives in the repo (as it should), but the password there is now just out of date. We're much more secure now!
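Added example, not part of the original thread or the project's code: a small Python check that flags credential literals left in Python and R files, the situation this issue describes. The patterns, file names and sample contents below are constructed assumptions, and the check reports only file, line and rule, never the value.

```python
import re
from pathlib import Path

# Assumed patterns (not from the thread): a quoted literal assigned to a
# password-like name (Python dict/kwarg or R argument), and Django's SECRET_KEY.
RULES = [
    ("password-literal", re.compile(
        r"""\b(?:db_?)?(?:password|passwd|pwd)\b["']?\s*(?:=|:|<-)\s*(["'])[^"']+\1""",
        re.I | re.X)),
    ("django-secret-key", re.compile(
        r"""\bSECRET_KEY\s*=\s*(["'])[^"']+\1""", re.X)),
]
EXTENSIONS = {".py", ".r"}

def scan_text(name, text):
    """Return (file, line number, rule) per hit; commented-out lines count too."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for rule, pattern in RULES:
            if pattern.search(line):
                findings.append((name, lineno, rule))
    return findings

def scan_tree(root):
    """Scan every .py/.R file under root (run it on a checkout of the repo)."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in EXTENSIONS:
            findings += scan_text(str(path), path.read_text(errors="replace"))
    return findings

# Constructed sample files: two with literals, one reading from the environment.
SAMPLES = {
    "settings.py": 'SECRET_KEY = "constructed-not-a-real-key"\n'
                   'DATABASES = {"default": {"USER": "demhack2016", '
                   '"PASSWORD": "constructed-pw"}}\n',
    "analysis/plot.R": 'con <- dbConnect(drv, user = "demhack2016", '
                       'password = "constructed-pw")\n',
    "settings_env.py": 'import os\nSECRET_KEY = os.environ["SECRET_KEY"]\n'
                       'DB_PASSWORD = os.environ["DB_PASSWORD"]\n',
}

def scan_samples():
    return [hit for name, text in SAMPLES.items() for hit in scan_text(name, text)]

if __name__ == "__main__":
    for name, lineno, rule in scan_samples():
        print(f"{name}:{lineno}: {rule}")
```

It only sees the files it is given, so a clean result on the current checkout says nothing about earlier commits, where the old values remain until they are rotated.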