This repository has been archived by the owner on Aug 10, 2024. It is now read-only.
Seung Won [Tom] Lee edited this page Jul 3, 2018 · 1 revision
Any sensitive credentials shall be stored inside the .env file. This file should never be uploaded anywhere.
This includes everything from SECRET_KEY, CLOUDAMQP_APIKEY, CLOUDAMQP_URL, DATABASE_URL,
The login system is secured by the PBKDF2 algorithm with a SHA256 hash, a password stretching mechanism recommended by NIST.
The DEBUG variable in the environment should be set to False unless developing. I suggest not touching the DEBUG variable on Heroku ever.
DATABASE_URL is composed of different parts, including the ID, password, and database URL. It is formatted as follows: postgres://[ID]:[PASSWORD]@[DATABASE URL]
As long as the .env file is secured, there shouldn't be much of a problem regarding security.
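The following is an added example, not code from this repository. It shows two handling details for the variables described above: DEBUG arrives as a string and must be parsed strictly, and DATABASE_URL embeds the password, so it should be masked before it reaches a log. The function names and every value in the sample .env text are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample .env content; every value is a placeholder.
SAMPLE_ENV = """\
# local development settings
SECRET_KEY=placeholder-secret-key
DEBUG=False
DATABASE_URL=postgres://app_user:p%40ss%3Aword@db.example.invalid:5432/app_db
"""

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("'\"")
    return env

def debug_enabled(env):
    """Environment values are strings, so bool("False") is True.
    Only an explicit true-like value enables DEBUG; unset means off."""
    return env.get("DEBUG", "").strip().lower() in {"1", "true", "yes", "on"}

def split_database_url(url):
    """Break postgres://[ID]:[PASSWORD]@[DATABASE URL] into its parts."""
    parts = urlsplit(url)
    return {
        "user": unquote(parts.username or ""),
        "password": unquote(parts.password or ""),  # percent-decoded
        "host": parts.hostname,
        "port": parts.port,
        "name": parts.path.lstrip("/"),
    }

def redact_database_url(url):
    """Return the URL with the password masked, safe to write to logs."""
    parts = urlsplit(url)
    if parts.password is None:
        return url
    host = parts.netloc.rpartition("@")[2]  # host[:port] after the credentials
    return parts._replace(netloc=f"{parts.username}:***@{host}").geturl()

if __name__ == "__main__":
    env = parse_env(SAMPLE_ENV)
    print("DEBUG enabled:", debug_enabled(env))
    print("Database:", redact_database_url(env["DATABASE_URL"]))
```

A password containing characters such as @ or : has to be percent-encoded inside DATABASE_URL, which is why the sample value is decoded when the URL is split.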