Hi Aymeric,

On Mar 17, 2013, at 6:33 PM, Aymeric Augustin <aymeric.augus...@polytechnique.org> wrote:

> Daniel Quinn worked on a list of good practices for production settings at the
> Utrecht sprint. I completed the patch and I'd like to commit the result:

I like the patch overall. I have two comments:

For HTTPS, I think it would be good to stress even more that HTTPS needs not only to be set up, but that it's also essential to redirect all HTTP requests to HTTPS. Some may see this as implied when you set up HTTPS, but it may not be obvious to everyone, and the problems you'd run into with secure cookies can be incredibly nasty to debug.

For databases, I think we should also specifically recommend never to have passwords in source control. Same as SECRET_KEY, really.

cheers,
Erik