Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security enhancements #3

Closed
maxmcc opened this issue Sep 19, 2015 · 5 comments
Closed

Security enhancements #3

maxmcc opened this issue Sep 19, 2015 · 5 comments
Labels
enhancement help wanted

Comments

@maxmcc
Copy link

maxmcc commented Sep 19, 2015

  • Double-check that CSRF protection is working properly
  • Other features from flask-security package that might be missing
@sandlerben sandlerben removed the ready label Apr 7, 2016
@abhisuri97
Copy link
Contributor

It is probably best that we remove our default secret key from config...or you know actually generate one (please correct me if we do that already).

@sandlerben
Copy link
Contributor

sandlerben commented Jul 9, 2016
edited

Any deployment should set the SECRET_KEY environment variable.

@aharelick
Copy link
Contributor

Yeah, we should remove that default value. I don't think the application should work in production if you haven't set the environment variable yourself.

@sandlerben
Copy link
Contributor

Ok that's fair.

@abhisuri97
Copy link
Contributor

SECRET_KEY check before deployment taken care of. CSRF is working on all pages.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@aharelick @sandlerben @abhisuri97 @maxmcc