SECRET_KEY published in public repository

Issue #72 resolved
Ed McDonagh created an issue

The SECRET_KEY is supposed to be secret, but all installs of OpenREM will have the same key. The impact of this should be limited for the following reasons:

  1. The sites should not be on public accessible servers
  2. Released versions have no authentication modules except the admin which is not used

Changing the local version should not cause any issues for the same reasons.

Comments (6)

  1. Ed McDonagh reporter

    Altered and moved the migration warning, fixed the bullet point formatting for settings locations and added instruction for generating secret keys. Refs #66 and fixes #72. Instructions for secret key in install page already committed.

    → <<cset eb5c0bf4f841>>

  2. Log in to comment