django-aesfield

Key should be easily read as string not in file

Open alinik opened this issue 11 years ago • 2 comments

You should be able to set the key as a string and not a file, or at least, if it was null, use the SECRET_KEY.

alinik, Oct 12 '12 08:10

We require key files by design. If you store your key as a string (in settings or elsewhere) then your attacker only has to compromise your source code. If you store your key in a file then your attacker has to compromise both your source code and your file system.

kumar303, Jan 08 '13 01:01

Although I agree with you, maybe using SECRET_KEY as a fallback is a good option.

alinik, Feb 24 '13 11:02
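The file-based approach described in the maintainer's reply, as an added example that is not part of the thread or of django-aesfield's own code: a hypothetical `load_key_file` helper reads the key from a file, rejects files that group or other users can access, and fails closed when the file is missing instead of falling back to a settings string. The helper name, the `KeyFileError` exception and the 16-byte minimum are assumptions made for illustration.

```python
import os
import stat
import tempfile


class KeyFileError(Exception):
    """Raised when the key file is missing or unsafe to use (hypothetical name)."""


def load_key_file(path, min_bytes=16):
    """Read an encryption key from a file, with no fallback to a settings string."""
    try:
        fh = open(path, "rb")
    except OSError as exc:
        raise KeyFileError(f"key file not readable: {path}") from exc
    with fh:
        # fstat the open descriptor so the checks apply to the file actually read
        st = os.fstat(fh.fileno())
        if not stat.S_ISREG(st.st_mode):
            raise KeyFileError(f"key path is not a regular file: {path}")
        # Any group/other bit means accounts besides the owner can reach the key
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            mode = stat.S_IMODE(st.st_mode)
            raise KeyFileError(f"key file mode {mode:o} is too open; use 600")
        key = fh.read().strip()
    if len(key) < min_bytes:
        raise KeyFileError("key file is empty or too short")
    return key


def demo():
    """Constructed sample: write a throwaway key file and load it under two modes."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "aes.key")
        with open(path, "wb") as fh:
            fh.write(os.urandom(32).hex().encode())  # 64 hex characters
        os.chmod(path, 0o600)
        loaded_len = len(load_key_file(path))
        os.chmod(path, 0o644)  # world-readable: must be refused
        try:
            load_key_file(path)
            rejected = False
        except KeyFileError:
            rejected = True
        return loaded_len, rejected


if __name__ == "__main__":
    print(demo())
```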