SECRET_KEY published in public repository
Issue #72
resolved
The SECRET_KEY is supposed to be secret, but all installs of OpenREM will have the same key. The impact of this should be limited for the following reasons:
- The sites should not be on publicly accessible servers
- Released versions have no authentication modules except the admin, which is not used
Changing the local version should not cause any issues for the same reasons.
Comments (6)
reporter - edited description
-
reporter Consider referencing a secret_key generator such as http://www.miniwebtool.com/django-secret-key-generator/
-
reporter Added to quick install instructions for this in 71fc141
-
reporter - changed status to resolved
Altered and moved the migration warning, fixed the bullet point formatting for settings locations and added instruction for generating secret keys. Refs #66 and fixes #72. Instructions for secret key in install page already committed. → <<cset eb5c0bf4f841>>
-
reporter Updated changes docs. Refs #78, #72, #71. → <<cset ae228ae13421>>
Created a local_settings.py file for the database settings and local file paths. Also moves the SECRET_KEY. Closes #65 and refs #72. → <<cset 01b2e7cbbbc5>>
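
An added example, not OpenREM's own code: generating a per-install key on the machine itself, writing it to `local_settings.py` with owner-only permissions, and auditing a deployed key against the published one. The function names, the placeholder standing in for the published key, and the audit thresholds are assumptions made for illustration.

```python
import ast
import os
import secrets

# Same length and character set as Django's get_random_secret_key().
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*(-_=+)"

# Constructed placeholder: stands in for the key committed to the public repo.
PUBLISHED_KEYS = {"<key-value-from-the-public-repository>"}


def generate_secret_key(length=50):
    """Return a key drawn from the OS CSPRNG; it never leaves this machine."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def audit_secret_key(key, published=PUBLISHED_KEYS):
    """Return the reasons a key should be replaced (empty list if none)."""
    problems = []
    if key in published:
        problems.append("published")    # shared by every default install
    if len(key) < 50:
        problems.append("too-short")    # assumed minimum length
    if len(set(key)) < 5:
        problems.append("low-variety")  # assumed minimum of distinct characters
    return problems


def write_local_settings(path, key):
    """Create the file owner-only (POSIX); refuse to overwrite an existing one."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write("SECRET_KEY = %r\n" % key)


def read_secret_key(path):
    """Extract SECRET_KEY by parsing the settings file, without executing it."""
    with open(path) as fh:
        tree = ast.parse(fh.read())
    for node in tree.body:
        if isinstance(node, ast.Assign) and any(
                getattr(t, "id", None) == "SECRET_KEY" for t in node.targets):
            return ast.literal_eval(node.value)
    return ""


if __name__ == "__main__":
    write_local_settings("local_settings.py", generate_secret_key())
    print(audit_secret_key(read_secret_key("local_settings.py")) or "ok")
```

Replacing the key invalidates anything signed with the old one, such as existing sessions, so users have to log in again after the change.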