After watching the security lecture, I see we need to have SECRET_KEY not in GitHub. I don't think we do currently, which is good, but the 'or' statement in config.py I think sets it to 'you-will-never-guess' if we don't get SECRET_KEY in our environment.
So, maybe we need to add to README that before launching, a user must add a .env file which sets the SECRET_KEY.
I'm not 100% sure about this, would love a discussion :)
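One way to make a missing SECRET_KEY stop the app at startup instead of falling back to the public placeholder, shown beside the `or` pattern the issue describes. This is an added example, not the project's config.py; the function names, the exception class and the 32-character minimum are assumptions.

```python
import os
import secrets

# Placeholder quoted in the issue. It is visible in the repository,
# so a key equal to it gives no protection and must be rejected.
KNOWN_DEFAULTS = {"you-will-never-guess"}
MIN_LENGTH = 32  # assumed minimum length for this example


class SecretKeyError(RuntimeError):
    """Raised when SECRET_KEY is absent or unsafe (hypothetical name)."""


def insecure_secret_key(environ):
    # The pattern the issue describes: silently falls back to a public value.
    return environ.get("SECRET_KEY") or "you-will-never-guess"


def load_secret_key(environ=None):
    # Fail closed: refuse to start rather than sign sessions with a known key.
    environ = os.environ if environ is None else environ
    key = (environ.get("SECRET_KEY") or "").strip()
    if not key:
        raise SecretKeyError("SECRET_KEY is not set; define it in the environment or .env")
    if key in KNOWN_DEFAULTS:
        raise SecretKeyError("SECRET_KEY is the public placeholder; generate a new one")
    if len(key) < MIN_LENGTH:
        raise SecretKeyError(f"SECRET_KEY is shorter than {MIN_LENGTH} characters")
    return key


def generate_secret_key():
    # 32 random bytes, hex encoded (64 characters), suitable for a .env entry.
    return secrets.token_hex(32)


if __name__ == "__main__":
    empty_env = {}  # constructed input: no SECRET_KEY defined
    print("fallback pattern yields:", insecure_secret_key(empty_env))
    try:
        load_secret_key(empty_env)
    except SecretKeyError as exc:
        print("fail-closed loader:", exc)
    print("add to .env: SECRET_KEY=" + generate_secret_key())
```
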