I apologize if this is a duplicate question but I can't find an answer online. In Django Checklist Docs I see the following to keep secret key secure.
with open('/etc/secret_key.txt') as f:
SECRET_KEY = f.read().strip()
My project is deployed with AWS EBS.
I've created a separate file called "secret_key.txt" which holds the key. How is this more secure than keeping the key in the settings.py config file? If someone can access my projects settings.py file to access the key, would they not be able to access the "secret_key.txt" file as well? How is creating a "secret_key.txt" file more secure?
I've checked Google and Stack Overflow for reasoning but can't find an answer. Currently all sensitive information is protected using an .env file and including this file in .gitignore.
You usually add that file to the .gitignore, such that the file is not part of the (GitHub) repository. This means that you can add (other) settings in the project, and you load "sensitive" settings through environment variables, or files.
This hackernoon post for example, discusses four ways to define sensitive variables such that these are not defined in files that you add to the subversioning system.
Usually it is advisable to incude a settings.py in the project however, stripped from sensitive data. That way a peer can easily set up the project all the other (required) settings, and thus only has to define a limited number of sensitive variable to get the project running.
I think however using an environment variable might be better, since it is probably easier to specify this, and thus to manage a number of processes that all might work with different values.
Related
Hello all fellow StackOverFlow'ers,
I'm making an app in Flask that runs depending on settings that can be changed by administrator via a POST request in their admin-panel,
Actually, the only two things I came up with for doing this is using os.environ.get (Environment variables) [which i'm using now] or insert it to a PostreSQL Database config table and load it up
Anyway I will be storing settings such as a couple of API_URLs and their API_KEY, and some Conditions of checking like a success value where if condition in text .. else is applied to ... where admin can change them via the panel
I'm looking for the best performant approach for doing such thing.
Best regards.
If you're looking for the changes to only apply on a per-user basis (changes made by the admin only affect the admin), check out Flask's sessions. It works like a dictionary, but stores information in a cookie in the user's browser that can be programmatically accessed by Flask. Be warned that this data is stored in plain-text in the user's browser, so don't store anything sensitive here.
On the other hand, if you're looking for changes made by the admin to affect everybody visiting the website, you may just be able to store the settings in a variable, update them when the admin makes changes, and read them when responding to a request. If you want these settings to persist through a server restart, however, you'll need to write them to disk and then load them on server restart and save them to disk when they're changed. If this is a production-grade app and needs to be able to scale, I personally recommend using an SQLite file to store settings (or a SQL database if it really needs to scale), but this is a personal preference of mine. If this is just a personal app, storing settings in text files would be just fine.
Hope this helps!
I want to store some system constants which do not change so frequently.
I have made an settings table in my database using django models to store them but this table will have only single entry and I change these settings with django admin.
Is there an alternate way to store some variables without having to create a database?
You want, I quote, some system constants which do not change so frequently. For this, you can defined your own variables in the settings.py file (or another files apart) and use them by importing them.
The most appropriate way would be to create a new file and import them into settings.py:
SETTING_1 = "/home/path/to/an/executable"
SETTING_2 = False
and then, in the settings.py:
from settings_site import *
It will make SETTING_* variables (give them useful names though) accessible in the settings of your project and you will be able to change the file even if you are using a VCS (SVN, Git...).
Otherwise, you can still implement a solution based on a configuration file, editable through a custom view, but it will require to create an application to manage that. But, coupled with the cache system, it can be as efficient as the use of the settings.py if you are parsing the file only when it is needed (at the startup and at every changes)
Iam trying to create multiple projects into one existing django project.
The directory should be set up as follows
directory picture
Is it possible to use this direcory without using multiple databases and config files. Everything in a single django instance?
If so, how?
The problem is, i cant reach the moduls in my mainproject urls.py. They cant be found.
thanks :)
Why would you want to do this? If you need two different django projects, keep them as different django projects.
It is different if you want to use the same database and reuse some of your existing apps.
For the first, you can set that in your settings.py file of each project to point to a common database, you can even manage to share only some tables in a common database and keep the others as a separated database for each project (there are some limitations with that approach though). Check django multidb docs for more info.
For the second, you can create a folder containing your django apps (with their models definitions, views, admin and whatever you need) and import them in the settings.py. An example:
APPS_PATH = "/django/apps/folder/"
sys.path.insert(0, APPS_PATH)
INSTALLED_APPS = (
...
custom_app1,
custom_app2,
)
You may also want to check django sites.
Hope it helps.
I'm just getting started with Python's pyramid framework and am unsure where to set application variables and the best way to import them into my project. For example: database username/passwords, paths, thumbnail height/width, etc ...
Should I create a dedicated config.py file and import the variables into my functions? What should this look like?
Thanks.
There is a recipe in the cookbook for emulating the Django-style global settings file (for your convenience). However, the recommended way is to store these things in your INI file as deployment settings. Thus you could have one database username/password for development and one for production and it's as simple as having two INI files. All of the key/value pairs that you add to the [app:...] INI section for your Pyramid app are available at setup time and during request processing via a settings dictionary which is attached to the registry. This is accessible via config.registry.settings as well as request.registry.settings. The settings object is a copy of the dict that you passed into the Configurator(settings=settings, ...) within your main function.
For more information, see http://docs.pylonsproject.org/projects/pyramid/en/1.3-branch/narr/startup.html as well as the tutorials within the Pyramid documentation which have examples of all of this.
I currently have a django app which generates PDFs and saves them to a specific directory. From the admin interface I want to have some way to view the list of files within that directory (similar to models.FilePathField()), but also be able to download them. I realize that django was never intended to actually serve files, and I have been tinkering with django-sendfile, as a possible option. It just doesn't seem like there is any way to create a dynamic list of files other than with FilePathField (which I don't believe can suite my purposes).
Would this project fit your needs? http://code.google.com/p/django-filebrowser/
I ended up realizing that I was going about the problem in a more complicated manner than was necessary. Using two separate views trivializes the issue. I was just under the impression that the admin interface would include such a basic feature.
What I did was create a download_list view to display the files in the directory, and a download_file view which uses django-sendfile to serve the file to the end-user. Download_file simply parses through the directory with listdir(), checks if the extension is valid and sends the complete file path to the download_file function (after the user selects one).
Are the files in a directory that is served by your webserver? If all you want to do is list and download the files, it may be easier just to have a link to the directory with all the files in it and let the webserver take care of listing and serving the files. I understand this may not be the ideal solution for you, but it does avoid having Django serve static files, which is a task best left to the webserver.