Added SECRET_KEY to the options file
This commit is contained in:
parent
b7fc3628df
commit
02bd2e3294
@ -11,6 +11,12 @@ https://docs.djangoproject.com/en/1.11/ref/settings/
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
import os
|
import os
|
||||||
|
import configparser
|
||||||
|
import warnings
|
||||||
|
|
||||||
|
config = configparser.ConfigParser()
|
||||||
|
config.read('options.ini')
|
||||||
|
options = config['General']
|
||||||
|
|
||||||
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
|
# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
|
||||||
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
|
BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
|
||||||
@ -20,7 +26,10 @@ BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
|
|||||||
# See https://docs.djangoproject.com/en/1.11/howto/deployment/checklist/
|
# See https://docs.djangoproject.com/en/1.11/howto/deployment/checklist/
|
||||||
|
|
||||||
# SECURITY WARNING: keep the secret key used in production secret!
|
# SECURITY WARNING: keep the secret key used in production secret!
|
||||||
SECRET_KEY = '#(5u4*zj+ppjmsa^8mu_e%$0zpou(&9vu^q02g4icb%eu%3qe8'
|
SECRET_KEY = options.get('secret_key', '5up3r s3cr3t k3y')
|
||||||
|
if '5up3r s3cr3t k3y' == SECRET_KEY:
|
||||||
|
warnings.warn("Using a default secret_key, change this in options.ini for production!")
|
||||||
|
|
||||||
|
|
||||||
# SECURITY WARNING: don't run with debug turned on in production!
|
# SECURITY WARNING: don't run with debug turned on in production!
|
||||||
DEBUG = True
|
DEBUG = True
|
||||||
|
3
options_example.ini
Normal file
3
options_example.ini
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
[General]
|
||||||
|
# You MUST change this for production. Not doing so is a major vulnerability
|
||||||
|
secret_key=5up3r s3cr3t k3y
|
Reference in New Issue
Block a user