database password in settings.py

Eyüp Hakan Duran

Jan 5, 2010, 11:10:46 AM
to django...@googlegroups.com
Hi all,

I am very new to django so please be gentle with me. I understand that
we need to define the password to login to the database in the
settings.py file. Although I know one can set the permissions of this
file to be not readable by others, I was just wondering whether there
is another option that is more secure.

Regards.

Shawn Milochik

Jan 5, 2010, 11:14:16 AM
to django...@googlegroups.com
Your settings.py file is only readable by people who have access to your server. If that's the case, they're either trusted or you have much bigger problems.

The file should never be exposed to the Internet (or intranet, for that matter).

Shawn
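
The file-permission approach discussed in the two posts above can be enforced at startup rather than assumed. The following is an added example, not code from any poster in this thread or from Django: it assumes the password is kept in a separate file, and the names load_db_password and InsecureSecretFile and the path in the comment are hypothetical.

```python
import os
import stat
import tempfile


class InsecureSecretFile(Exception):
    """Raised when the secrets file is accessible to accounts other than its owner."""


def load_db_password(path):
    """Return the password stored in `path` (hypothetical file), refusing unsafe files.

    In settings.py: DATABASE_PASSWORD = load_db_password("/etc/myproject/db_password")
    """
    # O_NOFOLLOW: refuse a symlink planted at the expected location.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    try:
        info = os.fstat(fd)  # inspect the opened file itself, so check and read match
        if not stat.S_ISREG(info.st_mode):
            raise InsecureSecretFile("%s is not a regular file" % path)
        if info.st_uid != os.geteuid():
            raise InsecureSecretFile("%s is not owned by the running user" % path)
        # Any group/other permission bit means accounts besides the owner have access.
        if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise InsecureSecretFile(
                "%s has mode %o; expected 600 or stricter"
                % (path, stat.S_IMODE(info.st_mode)))
        with os.fdopen(fd) as handle:
            fd = None  # the file object now owns the descriptor
            return handle.read().rstrip("\n")
    finally:
        if fd is not None:
            os.close(fd)


if __name__ == "__main__":
    # Constructed sample file and password, for demonstration only.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "db_password")
        with open(path, "w") as f:
            f.write("constructed-sample-password\n")
        for mode in (0o600, 0o644):
            os.chmod(path, mode)
            try:
                load_db_password(path)
                print("%o: accepted" % mode)
            except InsecureSecretFile as exc:
                print("%o: refused (%s)" % (mode, exc))
```
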

Eric Chamberlain

Jan 5, 2010, 11:49:16 AM
to django...@googlegroups.com
There's nothing special about settings.py. You could do something like:


from Crypto.Cipher import Blowfish

blowme = Blowfish.new(SECRET_KEY)
DATABASE_PASSWORD = blowme.decrypt(ENCRYPTED_PASSWORD)


Securing SECRET_KEY is left as an exercise for the reader.

Tomasz Zieliński

Jan 5, 2010, 1:04:06 PM
to Django users

On 5 Jan, 17:49, Eric Chamberlain <e...@rf.com> wrote:
> There's nothing special about settings.py.  You could do something like:
>
> from Crypto.Cipher import Blowfish
>
> blowme = Blowfish.new(SECRET_KEY)
> DATABASE_PASSWORD = blowme.decrypt(ENCRYPTED_PASSWORD)
>
> Securing SECRET_KEY is left as an exercise for the reader.

It's a piece of cake:

blowme0 = Blowfish.new(SECRET_KEY0)
SECRET_KEY = blowme0.decrypt(ENCRYPTED_SECRET_KEY)

;-)

--
Tomasz Zielinski
http://pyconsultant.eu

Kevin Teague

Jan 5, 2010, 1:34:58 PM
to Django users
The keyring library provides an easy way of using passwords stored
securely in your Keychain|Wallet|Keyring. I use it and it works Very
Nicely(TM):

http://pypi.python.org/pypi/keyring

Eyüp Hakan Duran

Jan 5, 2010, 4:55:27 PM
to django...@googlegroups.com
Thanks for all the replies. I will try some test runs tonight :).
Things which are easy for gurus like you take a while for me to grasp
and get comfortable with :).

2010/1/5 Kevin Teague <ke...@bud.ca>:
