openemotion / webapp


Move secret keys out of repository #35

Open elifiner opened 11 years ago

elifiner commented 11 years ago

@gavrie

When we ran under dotcloud, there was an environment variable called MODE that would be set to "production" when running on the dotcloud server. That caused a different set of parameters to be used in config.py. I don't think that's the case on the new server.

See https://github.com/openemotion/webapp/blob/master/config.py

In any case, it might be best to not keep the configuration file in the public git repo since it contains passwords and other stuff.

Thoughts?

gavrie commented 11 years ago

@gooli

Yes, the SECRET_KEY should definitely be changed, otherwise anyone can trivially hijack sessions. The configuration should be kept out of git completely (even if it were a private repo) and in a separate file which is stored somewhere secure (e.g. Dropbox or S3).

-- Gavrie

On 13 Dec 2012, at 17:09, Eli Finer notifications@github.com wrote:

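The two comments above describe the mechanism that went missing on the new server (a MODE environment variable selecting the production parameter set) and the remedy both authors want (SECRET_KEY and passwords kept out of git). The following loader is an added example and not the project's own config.py; the setting names DATABASE_PASSWORD, the 32-character minimum and the placeholder list are assumptions, since the page does not show the real settings. It refuses to start in production unless the secrets are supplied by the environment, and in development it generates a throwaway key rather than shipping one in the repository.

```python
"""Config loader that keeps secrets out of the repository (added example,
not openemotion/webapp's own config.py)."""
import os
import secrets
from typing import Mapping

# Assumed setting names; the real application's settings are not on the page.
REQUIRED_IN_PRODUCTION = ("SECRET_KEY", "DATABASE_PASSWORD")
MIN_SECRET_KEY_LEN = 32
# Values that are obviously copied from a template rather than generated.
KNOWN_PLACEHOLDERS = {"changeme", "secret", "dev", "password"}
SECRET_NAMES = {"SECRET_KEY", "DATABASE_PASSWORD"}


class ConfigError(Exception):
    """Raised when the process must not start with the given environment."""


def check_env(env: Mapping[str, str]) -> list:
    """Return a list of problems with the environment (empty means OK).

    Only MODE=production is strict: there a session-signing key that is
    short, missing or a template value is a hard error, because anyone who
    knows it can forge session cookies.
    """
    problems = []
    mode = env.get("MODE", "development")
    if mode not in ("development", "production"):
        problems.append(f"unknown MODE {mode!r}")
        return problems
    if mode != "production":
        return problems
    for name in REQUIRED_IN_PRODUCTION:
        if not env.get(name):
            problems.append(f"{name} not set in environment")
    key = env.get("SECRET_KEY", "")
    if key and (len(key) < MIN_SECRET_KEY_LEN or key.lower() in KNOWN_PLACEHOLDERS):
        problems.append("SECRET_KEY is too short or a placeholder value")
    return problems


def load_config(env: Mapping[str, str] = os.environ) -> dict:
    """Build the settings dict from the environment, never from source.

    Development gets a fresh random SECRET_KEY per process unless one is
    provided, so no key ever needs to be committed; production fails
    closed via check_env().
    """
    problems = check_env(env)
    if problems:
        raise ConfigError("; ".join(problems))
    mode = env.get("MODE", "development")
    cfg = {"MODE": mode, "DEBUG": mode == "development"}
    if mode == "production":
        cfg["SECRET_KEY"] = env["SECRET_KEY"]
        cfg["DATABASE_PASSWORD"] = env["DATABASE_PASSWORD"]
    else:
        cfg["SECRET_KEY"] = env.get("SECRET_KEY") or secrets.token_hex(32)
        cfg["DATABASE_PASSWORD"] = env.get("DATABASE_PASSWORD", "")
    return cfg


def redacted(cfg: dict) -> dict:
    """Copy of the config safe to log: secret values are masked."""
    return {k: ("***" if k in SECRET_NAMES else v) for k, v in cfg.items()}


def new_secret_key() -> str:
    """Generate a replacement key, e.g. when rotating a key that was once
    committed to a public repository (64 hex characters = 32 random bytes)."""
    return secrets.token_hex(32)


if __name__ == "__main__":
    # Constructed sample environment for a local run; real deployments
    # export these variables outside the repository.
    sample = {"MODE": "production", "SECRET_KEY": new_secret_key(),
              "DATABASE_PASSWORD": "example-only"}
    print(redacted(load_config(sample)))
```

Whatever stores the exported variables (a file outside the checkout, a secrets service, the hosting platform's environment settings) is a separate question; the point here is that the checked-in code contains no secret at all, and that a key which has ever been in a public repository is rotated with new_secret_key() rather than reused.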