You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I would like to suggest that the key is not put in a settings file.. well maybe that's good for some, but I don't really see the great benefit of encrypting something and then leaving the key next to it... if someone can access the .sqlite file, they sure as hell can also read the settings.py file !?
Anyways, my suggesting is the following:
Since Django is able to start without connecting to the database, I would allow Django to do so and then inject the key with a management command afterwards through command line user input.
Would that work?
The text was updated successfully, but these errors were encountered:
Hi there!
I would like to suggest that the key is not put in a settings file.. well maybe that's good for some, but I don't really see the great benefit of encrypting something and then leaving the key next to it... if someone can access the .sqlite file, they sure as hell can also read the settings.py file !?
Anyways, my suggesting is the following:
Since Django is able to start without connecting to the database, I would allow Django to do so and then inject the key with a management command afterwards through command line user input.
Would that work?
The text was updated successfully, but these errors were encountered: