Thats right, there should be a secret_settings.py file with db credentials and secret_key also a warning that it should not be added to version control
-- Matt Harasymczuk http://www.matt.harasymczuk.pl On Mar 21, 5:07 pm, Kristaps Kūlis <kristaps.ku...@gmail.com> wrote: > "real" config should not be in version control system, only reference > config should be stored in version control. > > Consider database credentials - they should not be publicly available > / downloadable from internet and they fall in same category - > sensitive information in settings.py . > Memcache credentials - in many cases memcache is unprotected . > > I think docs should be updated to reflect sensitive settings.py > variables, which are confidential and provide "best practices" way > ({local|secret}_settings.py ?) for deployment :). Perhaps manage.py > command to generate adequate strenght / randomness secret would be > beneficial . -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
