I'm making a simple CRUD app in django with the use of Pycharm.
I want to upload the project to Github and thus need to protect some of my settings.py file.
Would the best way to be use a .env file and add it to .gitignore or does that method not work on mac?
Git has enable application "GitGuardian" please read about it. Or just prepare wrapper that will restore correct content of settings.py file, whenever you will start server.
Related
So, I set up a Django project and I'm done with it. Anyway, there's a function in the views.py script that is meant to send an email. I'm using the smtplib library and of course I need to login to send the email through my email address, so in that script my email and my password are written.
I'll publish this project (hosted by Heroku) so I'm worring about the password protection.
What do you think? Is the password protected or do I need to protect it in some way? I don't think it could be possible to access the views.py script but I'm not sure.
For anything like this, you should avoid putting the password in the code at all. Rather, get it from an environment variable, which you can then set via the command line with heroku config:set. See the Heroku docs.
You can and should use .env files for this. On heroku you have the option to add environment variables without .env files.
EDIT:
A bit of info about .env files: they are used to load environment variables from a file (the .env file). You usually don't commit them to SVN, but an "example" of what should go into the file, which is usually named .env.example. Depending on what's your setup for running the app there are different ways of supplying those environment variables, but you always access them in the same way in your code.
I have a problem with dotCMS. I have a site which is uploaded to the Internet and I want to export it to take care of this site locally on my computer. I've downloaded all data/assets from Maintenance -> Export dotCMS Content. I have a zip file with all content from this site. I managed and configured dotCMS locally on my computer. I have no idea how I can get access in dotCMS to my site from that zip file. In Maintenance menu I have no option to upload this site. I've read about folder dotCMS/starter.zip but I don't have anything like that. Can anyone tell step by step, how can I manage my site from zip file locally? Thx
Create a new database for dotCMS and replace the starter.zip with your downloaded .zip. Start dotCMS and it should import your site on initial startup. There are some caveats - the databases and versions should match from the server you've downloaded the .zip from.
So to add a couple things to Will's answer in case a few more details help:
The easiest way to do what Will advised may be to start with a new dotCMS distribution.
Make sure the versions of both dotCMS and the database in the new installation match those of the site you made the backup from.
Go through all the normal install steps (including setting up a database), but before you actually start dotCMS, replace the starter.zip file in the ROOT (/dotserver/tomcat-8.0.18/webapps/ROOT) with your own ZIP file (renaming your file to starter.zip).
Alternately, if you want to start with an existing install.
You still need to make sure the dotCMS and database versions match those of the site you backed up.
You still need to replace the starter.zip file with your backup ZIP file.
In addition, make sure you create a new DB (and update the context.xml file to point to it) before you start up dotCMS. If you don't do this, the starter.zip file (your backup) will not get read when dotCMS starts up.
I'm trying to build a Dockerized CouchDB to run in AWS that bootstraps authentication for my app. I've got a Dockerfile that installs CouchDB 1.6.1 and sets up the rest of the environment the way I need it. However, before I put it on AWS and potentially expose it to the wild, I want to put some authentication in place. The docs show this:
http://docs.couchdb.org/en/1.6.1/api/server/authn.html
which hardly explains the configuration properly or what is required for basic security. I've spent the afternoon reading SO questions, docs and blogs, all about how to do it, but there's no consistent story and I can't tell if what worked in 2009 will works now, or which parts are obsolete. I see a bunch of possible settings in the current ini files, but they don't match what I'm seeing in my web searches. I'm about to start trying various random suggestions I've gleaned from various readings, but thought I would ask before doing trial and error work.
Since I want it to run in AWS I need it to be able to start up without manual modifications. I need my Dockerfile to do the configuration, so using Futon isn't going to cut it. If I need to I can add a script to run on start to handle what can't be done there.
I believe that I need to set up an admin user, then define a role for users, provide a validation function that checks for the proper role, then create users that have that role. Then I can use the cookie authentication (over SSL) to restrict access to my app that provides the correct login and handles the session/cookie.
It looks like some of it can be done in the Dockerfile. Do I need to configure authentication_handlers, and an admin user in the ini file? And I'm guessing that the operations that modify the database will need to be done by some runtime script. Has anyone done this, or seen some example of it being done?
UPDATE:
Based on Kxepal's suggestion I now have it working. My Dockerfile is derived from klaemo's docker-couchdb, as mentioned below. The solution is to force the database to require authentication, but a fresh install starts out as Admin-Party. To stop that you have to create an admin user, which secures the system data but leaves other databases open. First, create an admin user in your Dockerfile:
RUN sed -e '/^\[admins\]$/a admin=openpassword\n' -i /usr/local/etc/couchdb/local.ini
(just following klaemo's sed pattern of using -e) and when CouchDB runs it will salt and hash this password and replace it in the local.ini file. I extract that password and replaced "openpassword" with this so that my Dockerfile didn't have the password in plain text. CouchDB can tell by the form of it not to hash it again.
The normal pattern to now secure the other databases is to create users/roles and use them in a validation function to deny access to the other databases. Since I am only interested in getting a secure system in place for testing I opted to defer this and just use the settings in local.ini to force everyone to be authenticated.
The Dockerfile now needs to set the require_valid_user flag:
RUN sed -e '/^\[couch_httpd_auth\]$/a require_valid_user = true\n' -i /usr/local/etc/couchdb/local.ini
And that requires uncommenting the WWW-Authenticate setting:
RUN sed -e 's/^;WWW-Authenticate/WWW-Authenticate/' -i /usr/local/etc/couchdb/local.ini
Which, since the setting shows Basic realm="administrator" means that the NSURLProtectionSpace in my iOS app needs to use #"administrator" as the realm.
After this I now have a Dockerfile that creates a CouchDB server that does not allow anonymous modification or reading.
This hasn't solved all of my configuration issues since I need to populate a database, but since I use a python script to do that and since I can pass credentials when I run that, I have solved most problems.
To setup auth configuration during image build, you need to check not API, but configuration for server admins. TL;DR just put [admin] section into local.ini file with your username and password in plain text - on start, CouchDB will replace password with it hash and CouchDB wouldn't be in Admin Party state.
P.S. Did you check docker-couchdb project?
I'm currently using django. And now I need to save a file uploaded by a user to another server which is not the one that serves the django application. The file will be saved to file system not the database. Could somebody tell me how to do this?
Default Django behavior is to save file on the filesystem, not the database itself).
You have several options how to do this, the simplest one is to have a filesystem exported from you "other" machine and mounted on the machine with the django application.
For the filesystem export you can use NFS, MogileFS or GlusterFS (which I'm using) or many more :). If you do not need real-time save&serve, simple rsync may be an option too.
Second option is to utilize existing django mechanisms StogareAPI. There are already available different storage backeds you can use and may be helpful for you (e.g. ftp).
This wont work out of the box, you need to have a mechanism(write some code) to queue the files that are uploaded through django application, then use a middleware(can be in python) to transfer files from queue to your file server. so flow is basically like this:
Accept the uploaded file via django app.
django app. writes the file info(its temporary path and name) to a queue
A middleware app reads the next file in queue.
The middleware app use some transfering protocol(sftp, scp, ftp, http etc...) to copy the file to file server.
Middleware app deletes the file from where django app is hosted so django server dont have a copy of the file.
Has anyone run into an idea of a "settings app" for a django project?
It's a set of application variables set by an administrator (not developer, so settings.py fails) using admin panel.
Are there any apps ready to use?
edit
I probably didn't state my question clear. I don't mean editing the things like connection settings, rather things like "file size limit".
There is a very nice app that does this, called django-dbsettings. The official repo hasn't been updated in years, but I have an up-to-date fork on my github page.
The question is how would you store the settings.
Cause... if you store the settings in the database it will be troublesome since most of the code will already be initialized (using the settings before that) before you have a database connection.
If it's the filesystem that means you're going to have to include a Python file that's being modified by your webserver which sounds like a huge security risk to me.
So... in my opinion, it could be done but I would vote against it since it's dangerous. If things should be configurable from the web, implement that in the app :)
It sounds a bit like you're asking "how does an administrator change the settings (like database connection parameters) without changing settings.py?"
If your admin isn't familiar enough with python to change the settings.py file directly, you might consider giving the admin a simpler file to edit, perhaps a config file that you loaded from settings.py. Then all your admin has to do is edit the config file and restart the server.
This has an added benefit that you can limit the config file to only those parameters which your admin would need to mess with (like database connection parameters).
(Another option would be to get a better admin ...)