Would posting my code to github affect the security of my application?

Background

I am writing a simple blog application in Django (data passed through templating language). The owner of the blog will have access to the admin page where they will update the db. Now I understand that in production I will have to hide the security key and turn debug off.

Question

What I am wondering is: will pushing the code to GitHub jeopardize the security of the application?

user3786992 asked Dec 02 '22 13:12

1 Answer

Yes, you can, but make sure that you don't keep your secret keys and passwords in your main settings.py file. Since you are using Django, Python comes with a package called python-decouple which helps you to keep your secret files in a .env file.

You can install it by using this command in your Django project:

 pip install python-decouple

Now let us consider that you have the following settings.py file:

import os

BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
SECRET_KEY = '3izb^ryglj(bvrjb2_y1fZvcnbky#358_l6-nn#i8fkug4mmz!'
DEBUG = True
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': 'HELLO_DJANGO',
        'USER': 'U_HELLO',
        'PASSWORD': 'hA8(scA@!fg3*sc&xaGh&6%-l<._&xCf',
        'HOST': '127.0.0.1',
        'PORT': '',
    }
}

So what you need to do is create a .env file in the root directory of your Django project, like this:

SECRET_KEY=3izb^ryglj(bvrjb2_y1fZvcnbky#358_l6-nn#i8fkug4mmz!
DEBUG=True
DB_NAME=HELLO_DJANGO
DB_USER=U_HELLO
DB_PASSWORD=hA8(scA@!fg3*sc&xaGh&6%-l<._&xCf
DB_HOST=127.0.0.1

Since you want to upload your project to GitHub, just make sure you include the .env file in your .gitignore file. Now the last step:

import os
from decouple import config  # reads values from .env (or the environment) at startup

BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
SECRET_KEY = config('SECRET_KEY')          # no longer hard-coded in the file you commit
DEBUG = config('DEBUG', cast=bool)         # .env stores text; cast turns "True"/"False" into a bool
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': config('DB_NAME'),
        'USER': config('DB_USER'),
        'PASSWORD': config('DB_PASSWORD'),
        'HOST': config('DB_HOST'),
        'PORT': '',
    }
}

In this way you can use your secret keys without letting anyone know them.

Vinit Raj answered Dec 05 '22 03:12
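A pre-push check for the approach in the answer, as an added example that is not part of the original post: it confirms that .env is listed in .gitignore and that no secret-looking value from .env still appears verbatim in any other project file (for instance a settings.py that was never updated). The .gitignore matching is deliberately simplified to a few literal patterns, and the sample project it builds in a temporary directory is constructed from the values shown above.

```python
import re
import tempfile
from pathlib import Path

SECRET_NAME_RE = re.compile(r"SECRET|PASSWORD|TOKEN|KEY", re.IGNORECASE)  # DEBUG, DB_HOST are not secrets

def parse_env(text):
    """Parse KEY=VALUE lines of a .env file; blanks and # comments are skipped."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip()] = value.strip().strip("'\"")
    return values

def env_is_ignored(gitignore_text):
    """Simplified .gitignore check: only these literal patterns are recognised."""
    patterns = {p.strip() for p in gitignore_text.splitlines()}
    return bool(patterns & {".env", "/.env", "*.env"})

def find_leaks(project, env_values):
    """(relative path, key) for each secret .env value found verbatim in another project file."""
    secrets = {k: v for k, v in env_values.items() if v and SECRET_NAME_RE.search(k)}
    leaks = []
    for path in project.rglob("*"):
        if path.is_file() and path.name != ".env":
            text = path.read_text(errors="ignore")
            leaks += [(str(path.relative_to(project)), k) for k, v in secrets.items() if v in text]
    return sorted(leaks)

def check_project(project):
    """Safe to push only when env_ignored is True and leaks is empty."""
    gitignore = project / ".gitignore"
    return {"env_ignored": gitignore.exists() and env_is_ignored(gitignore.read_text()),
            "leaks": find_leaks(project, parse_env((project / ".env").read_text()))}

def demo(hardcoded):
    """Constructed sample project: .env with the answer's values, .gitignore listing .env,
    and settings.py either still hard-coding SECRET_KEY or reading it via config()."""
    env = ("SECRET_KEY=3izb^ryglj(bvrjb2_y1fZvcnbky#358_l6-nn#i8fkug4mmz!\n"
           "DEBUG=True\nDB_PASSWORD=hA8(scA@!fg3*sc&xaGh&6%-l<._&xCf\n")
    settings = ("SECRET_KEY = '3izb^ryglj(bvrjb2_y1fZvcnbky#358_l6-nn#i8fkug4mmz!'\n" if hardcoded
                else "from decouple import config\nSECRET_KEY = config('SECRET_KEY')\n")
    with tempfile.TemporaryDirectory() as d:
        for name, body in ((".env", env), (".gitignore", ".env\n"), ("settings.py", settings)):
            (Path(d) / name).write_text(body)
        return check_project(Path(d))
```

Running check_project on a real project root before `git push` turns the "did I forget a secret in settings.py" question into a yes/no answer; a key that was ever committed should still be rotated, since removing it from the working tree does not remove it from the repository history.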