What do I do with Django's secret keys?


Ranveer Aggarwal

Jun 16, 2014, 10:27:59 AM
to wncc...@googlegroups.com
I've recently started learning Django and one good practice I was told about was to have multiple settings.py files while using version control. For example, if I were to make a Django-based website, I should have a settings_local.py file for my local machine, a settings.py file to put on GitHub and yet another to keep on the production server, so as to protect my secret keys.
Another forum mentioned that this isn't a good practice since if there are a number of developers working on the same project and you need to make a change in the settings.py file (let us say add a middleware), then you'll have to personally notify all the developers to make changes in their respective settings_local.py files. This argument seems pretty valid too.
So, I had two doubts:
1. Are the secret keys unique for a particular machine?
2. Should multiple-settings-practice be followed? Or is there a way out?

Pritam Baral

Jun 16, 2014, 10:44:29 AM
to wncc...@googlegroups.com
Consider what SECRET_KEY is used for: Cryptographically signing cookies and tokens. Changing the SECRET_KEY does not modify any function (as in task, action, not Python function) or feature.

So feel free to change it as much as you want, just don't change it on a live server in production as that can cause all kinds of silly little problems: sudden session invalidations, form submission failure (until reload), password reset tokens stop working (until a new one is requested).

With instances that have different SECRET_KEYS, unless you're transferring users from one instance of Django to another, there should be no issue.

 

Regards,
Chhatoi Pritam Baral




Manish Goregaokar

Jun 16, 2014, 11:49:08 AM
to wncc...@googlegroups.com
As for the settings.py duality, just add a settings_local.py and a settings_prod.py, gitignore both, and only keep the differing settings in these two. Load these from settings.py, and let the majority of the changes be done there. You still have to update the files when you want to add a new dev/prod-specific setting, but there's no alternative to that, really.

-Manish Goregaokar
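
The layout described in the reply above, as an added example that is not part of the original thread: shared settings stay in version control, a gitignored `settings_<env>.py` supplies only the differing values, and loading fails closed if no real `SECRET_KEY` was provided. The names `shared_settings`, `load_settings`, `PLACEHOLDER` and the key values are hypothetical; a real `settings.py` would do the equivalent import at module level.

```python
# Added example: a settings.py-style loader for gitignored per-environment overrides.
import importlib.util
import tempfile
from pathlib import Path

PLACEHOLDER = "change-me"  # constructed placeholder committed in the shared settings


def shared_settings():
    """Settings every developer shares; this part lives in version control."""
    return {
        "DEBUG": False,
        "MIDDLEWARE_CLASSES": ["django.middleware.common.CommonMiddleware"],
        "SECRET_KEY": PLACEHOLDER,
    }


def load_settings(project_dir, env):
    """Merge the gitignored settings_<env>.py over the shared settings."""
    settings = shared_settings()
    override = Path(project_dir) / f"settings_{env}.py"
    if override.exists():
        spec = importlib.util.spec_from_file_location(f"settings_{env}", override)
        module = importlib.util.module_from_spec(spec)
        spec.loader.exec_module(module)
        # Django only treats UPPERCASE names as settings; do the same here.
        settings.update({k: v for k, v in vars(module).items() if k.isupper()})
    # Fail closed: never start with the committed placeholder as the signing key.
    if settings["SECRET_KEY"] in ("", PLACEHOLDER):
        raise RuntimeError(f"settings_{env}.py must define its own SECRET_KEY")
    return settings


def demo():
    """Run the loader against constructed override files in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "settings_local.py").write_text(
            "DEBUG = True\nSECRET_KEY = 'constructed-dev-key'\n")
        Path(tmp, "settings_prod.py").write_text("DEBUG = False\n")  # key forgotten
        local = load_settings(tmp, "local")
        try:
            load_settings(tmp, "prod")
            prod_error = None
        except RuntimeError as exc:
            prod_error = str(exc)
        return local, prod_error


if __name__ == "__main__":
    print(demo())
```

A middleware added to the shared settings reaches every environment without anyone editing their override file, which addresses the objection raised in the first message.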