Security update __init__.py #1

Closed
pdavek wants to merge 1 commit from patch-1 into main
pdavek commented 2025-04-28 19:42:30 +00:00 (Migrated from github.com)

Secret key was hardcoded to "dev". A proper secret key shall be added to .env to make it safe and publicly deployable. If it is not present it'll fallback to "dev" so it will work even if you don't do it

sqlite path also changed to make it more secure, database URL can be also added secretly.

Secret key was hardcoded to "dev". A proper secret key shall be added to .env to make it safe and publicly deployable. If it is not present it'll fallback to "dev" so it will work even if you don't do it sqlite path also changed to make it more secure, database URL can be also added secretly.
muyrety commented 2025-04-28 19:54:35 +00:00 (Migrated from github.com)

Thank you for contributing. However, the default variables would be overwritten in production by the configuration loaded from config.py in the instance folder. This is recommended in the README.md. Although, a comment could be added in the code for more clarity. Same goes for the database.

Thank you for contributing. However, the default variables would be overwritten in production by the configuration loaded from config.py in the instance folder. This is recommended in the README.md. Although, a comment could be added in the code for more clarity. Same goes for the database.
pdavek commented 2025-04-28 20:25:07 +00:00 (Migrated from github.com)

Oh I see, sorry for that.

Oh I see, sorry for that.

Pull request closed

Sign in to join this conversation.
No description provided.