brianhhuynh38
commented
5 days ago Private user information can now be private, I'd recommend setting this up on everyone else's branches. @manavkamdar27 @shinegami-2002
Closed brianhhuynh38 closed 3 days ago
brianhhuynh38
commented
5 days ago Private user information can now be private, I'd recommend setting this up on everyone else's branches. @manavkamdar27 @shinegami-2002
brianhhuynh38
commented
4 days ago I would also like to note that the transition to the Python OS variables did break some of the tests. I've already asked @manavkamdar27 to take care of this.
manavkamdar27
commented
3 days ago I have resolved the api hiding in html files, added it to the views files so that it is now being passed as an additional parameter with the render return request.
brianhhuynh38
commented
3 days ago By communicating with the previous team, we have figured out that none of us know where the SECRET_KEY in settings comes from (some sort of Django API key) since it has been there for multiple iterations now. We've decided to leave it there for now since removing it prevents the software from functioning.
Introduction
The way that the system stores the API keys and passwords completely exposes them to anyone using the program since they are hard-coded into the system. This is a major issue in that this is a public repository and is available to any who view it. This should be changed to use a more secure way of storing the information, such as through a
.envfile.Steps Towards Implementation
.envfile that is not pushed to the GitHubsettings.py. If possible, please find out where this is from and how to obtain it so it can be included in the installation instructions in more detail.