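Does making a Django website public on GitHub let other people get the data in its database? If so, how can this be prevented?

Time: 2018-08-22 13:38:01

Tags: python django github hosting

I have a Django website that I built locally and host on Heroku, and I also push my changes to another GitHub repository. I am using the built-in database to store data. Can other users get the data that has been entered into the database (such as user details) from my repository?

If so, how can I prevent it? The solution of adding the file to .gitignore would also prevent it from being pushed to Heroku.

2 answers: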

Answer 0: (score: 1)

No one can steal your data if you don't push sensitive information to the git repo. Never push your credentials to a public repository.
Use one of the methods below.
- Create a separate file for credentials, add it to the .gitignore file, and copy it manually to the server.
- Save credentials in a .env file and use a Python package to read the information from there.

For more detail read these threads:
- https://www.reddit.com/r/learnpython/comments/264ffw/what_is_the_pythonic_way_of_storing_credentials/
- Python/Django - Avoid saving passwords in source code

Answer 1: (score: 0)

The code itself wouldn't be enough to get access to the database. For that you need the db name and password, which shouldn't be in your git repo at all.

On Heroku you use environment variables - which are set automatically by the postgres add-on - along with the dj_database_url library which turns that into the relevant values in the Django DATABASES setting.
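
An added example (not part of either answer, and not Heroku's or dj_database_url's own code): a standard-library sketch of a settings module that takes the database credentials and secret key from environment variables instead of from files in the repository. `DATABASE_URL` is the variable the Heroku Postgres add-on sets; `DJANGO_SECRET_KEY`, `DJANGO_DEBUG`, `database_from_url` and `load_settings` are assumed names, and the URL parsing is a simplified stand-in for what dj_database_url does.

```python
import os
from urllib.parse import urlsplit, unquote

# URL scheme -> Django backend (small subset, chosen for this example).
ENGINES = {
    "postgres": "django.db.backends.postgresql",
    "postgresql": "django.db.backends.postgresql",
    "sqlite": "django.db.backends.sqlite3",
}


def database_from_url(url):
    """Turn a DATABASE_URL string into one entry of Django's DATABASES."""
    parts = urlsplit(url)
    if parts.scheme not in ENGINES:
        raise ValueError(f"unsupported database scheme: {parts.scheme!r}")
    if parts.scheme == "sqlite":
        # sqlite:///db.sqlite3 -> file path relative to the project
        return {"ENGINE": ENGINES["sqlite"], "NAME": parts.path[1:]}
    return {
        "ENGINE": ENGINES[parts.scheme],
        "NAME": unquote(parts.path.lstrip("/")),
        # Credentials may be percent-encoded inside the URL.
        "USER": unquote(parts.username or ""),
        "PASSWORD": unquote(parts.password or ""),
        "HOST": parts.hostname or "",
        "PORT": str(parts.port or ""),
    }


def load_settings(environ=os.environ):
    """Build the secret-dependent settings from the environment only."""
    debug = environ.get("DJANGO_DEBUG", "") == "1"  # assumed variable name
    secret_key = environ.get("DJANGO_SECRET_KEY")   # assumed variable name
    if not secret_key:
        if not debug:
            # Fail closed: never fall back to a key that lives in the repo.
            raise RuntimeError("DJANGO_SECRET_KEY is not set")
        secret_key = "dev-only-not-secret"
    # Local development falls back to the SQLite file, which stays untracked.
    url = environ.get("DATABASE_URL", "sqlite:///db.sqlite3")
    return {"DEBUG": debug, "SECRET_KEY": secret_key,
            "DATABASES": {"default": database_from_url(url)}}
```

With the production database coming from `DATABASE_URL`, the local `db.sqlite3` file can be listed in `.gitignore` without affecting the Heroku deploy.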