Django, Security and Settings

北海茫月 2020-12-31 07:29

From here, we add all database info as text:

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': 'mydatabase',
    }
}
        
3 answers
  •  星月不相逢
    2020-12-31 08:22

    No, it isn't secure.

    You mustn't upload that information to the internet.

    What I always do is:

    • Add an env file in the root directory.
      For example, if the project is named MYPROJECT,
      the path for the env file would be MYPROJECT/env

    • Add the env file to the .gitignore file.

    • I use the database URL form; I found it more elegant, with fewer lines.
      To use it, type:

      • pip install dj_database_url

      • Add this line to settings.py

        import dj_database_url

      • Then, as simple and elegant as this, type:
        DATABASES = { 'default': dj_database_url.config(default='postgres://user:password@localhost:5432/database_name'), }

    • Now, replace the URL with a keyword, and hide the URL safely in the env file, as:

      DATABASES = { 'default': dj_database_url.config(default=os.environ.get('DATABASE_URL')), }

      Note: this way you typed os.environ.get() only once.

    • Go to the env file and add:
      export DATABASE_URL='postgres://user:password@localhost:5432/database_name'

    • Don't forget to tell the terminal about those keywords! Type in the terminal, in the project dir:
      source env

    Good luck.
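
An added example (not part of the answer above, and not dj_database_url's own code): a standard-library version of the same DATABASE_URL approach that refuses to start when the variable is unset, for instance because `source env` was not run in this shell, and that never echoes the URL, since it contains the password. The helper name `database_from_env` and the sample URL are assumptions made for illustration.

```python
import os
from urllib.parse import urlsplit, unquote

# Hypothetical helper for settings.py (added example, not a Django or
# dj_database_url API). Maps URL schemes to Django database engines.
ENGINES = {
    "postgres": "django.db.backends.postgresql",
    "postgresql": "django.db.backends.postgresql",
}


def database_from_env(var="DATABASE_URL", environ=None):
    """Build one Django DATABASES entry from a URL held in the environment.

    Raises RuntimeError instead of returning an empty config when the
    variable is missing, so a forgotten `source env` fails at startup.
    """
    environ = os.environ if environ is None else environ
    url = environ.get(var)
    if not url:
        raise RuntimeError(f"{var} is not set; run `source env` first")
    parts = urlsplit(url)
    if parts.scheme not in ENGINES:
        # Do not put the URL in the message: it carries the password.
        raise RuntimeError(f"{var} has an unsupported scheme")
    if not parts.hostname or not parts.path.lstrip("/"):
        raise RuntimeError(f"{var} must include a host and a database name")
    return {
        "ENGINE": ENGINES[parts.scheme],
        "NAME": unquote(parts.path.lstrip("/")),
        "USER": unquote(parts.username or ""),
        # Passwords containing '@', ':' or '/' must be percent-encoded
        # in the URL; they are decoded here.
        "PASSWORD": unquote(parts.password or ""),
        "HOST": parts.hostname,
        "PORT": str(parts.port or ""),
    }


# Constructed sample value. In settings.py you would instead write:
#   DATABASES = {"default": database_from_env()}
SAMPLE_ENV = {"DATABASE_URL": "postgres://user:p%40ss%3Aword@localhost:5432/database_name"}
EXAMPLE = database_from_env(environ=SAMPLE_ENV)
```

Running `git check-ignore env` in the project directory prints `env` when the .gitignore entry from the answer is in effect.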
