As the title suggests, are environment variables the best solution in terms of password safeguarding? I read alternate opinions and would love to hear the advice of the community.

Chandan Rai
Asher11
  • I think you will find http://stackoverflow.com/questions/3540339/is-it-okay-that-database-credentials-are-stored-in-plain-text informative. – turbotux Feb 06 '17 at 05:17
  • Generally very useful, but I personally disagree with "Setting the permissions correctly (this will depend on your set up). Ideally only python should be able to read the file." This would imply that the password would be on the repository, which does not enjoy the same standards of security one might have on the web service. – Asher11 Feb 07 '17 at 08:54
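
An added example, not part of the original question, its comments, or the djangosecure project: one way to combine the two options discussed above, preferring an environment variable and falling back to a file kept outside the repository that is accepted only with owner-only permissions. The variable name `DJANGO_DB_PASSWORD`, the function names and the path in the comment are assumptions; the ownership check is POSIX-only.

```python
import os
import stat

ENV_NAME = "DJANGO_DB_PASSWORD"  # assumed variable name, not from the page


class SecretError(RuntimeError):
    """Raised when no acceptable source for the password is found."""


def read_secret_file(path):
    """Return the file's contents only if nobody but its owner can access it."""
    fd = os.open(path, os.O_RDONLY)
    try:
        # Check the opened descriptor rather than the path, so the file
        # cannot be swapped between the check and the read.
        info = os.fstat(fd)
        if not stat.S_ISREG(info.st_mode):
            raise SecretError(f"{path}: not a regular file")
        if info.st_uid != os.getuid():
            raise SecretError(f"{path}: not owned by the current user")
        if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise SecretError(f"{path}: group/other bits set, expected 0600")
        with os.fdopen(fd, "r", encoding="utf-8") as handle:
            fd = None  # the file object now owns the descriptor
            return handle.read().strip()
    finally:
        if fd is not None:
            os.close(fd)


def load_db_password(environ=os.environ, secret_path=None):
    """Prefer the environment variable, then the file; never fall back to a default."""
    value = environ.get(ENV_NAME)
    if value:
        return value
    if secret_path is not None:
        value = read_secret_file(secret_path)
        if value:
            return value
    raise SecretError(f"set {ENV_NAME} or provide an owner-only secret file")


# In settings.py (hypothetical path, outside the repository):
# DATABASES["default"]["PASSWORD"] = load_db_password(secret_path="/etc/myapp/db_password")
```

Failing closed with an exception, instead of a hard-coded default, keeps a placeholder password from ever reaching the repository or a deployed service.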

1 Answer

I developed a package to hide your settings; it prompts you for the database info the first time you run a manage.py command.

https://github.com/rafahsolis/djangosecure

Related post: Hiding secure django settings info on webfaction

Rafa He So