-
Book Overview & Buying
-
Table Of Contents
Mastering Django: Core
By :
The secret key must be a large random value and it must be kept secret.
Make sure that the key used in production isn't used anywhere else and avoid committing it to source control. This reduces the number of vectors from which an attacker may acquire the key. Instead of hardcoding the secret key in your settings module, consider loading it from an environment variable:
import os SECRET_KEY = os.environ['SECRET_KEY']
or from a file:
with open('/etc/secret_key.txt') as f:
SECRET_KEY = f.read().strip()You must never enable debug in production.
When we created a project in Chapter 1, Introduction to Django
and Getting Started, the command django-admin startproject created a settings.py file with DEBUG set to True. Many internal parts of Django check this setting and change their behavior if DEBUG mode is on.
For example, if DEBUG is set to True, then:
django.db.connection.queries...
Change the font size
Change margin width
Change background colour