From jeff at jeffwidman.com Mon Jul 20 23:02:59 2015 From: jeff at jeffwidman.com (Jeff Widman) Date: Mon, 20 Jul 2015 14:02:59 -0700 Subject: [Flask] Welcome to the new Flask mailing list Message-ID: Welcome to the new Flask mailing list. This list replaces the old librelist mailing list. -- *Jeff Widman* jeffwidman.com | 740-WIDMAN-J (943-6265) <>< ? -------------- next part -------------- An HTML attachment was scrubbed... URL: From alexandre_ at fastmail.com Mon Jul 20 23:21:21 2015 From: alexandre_ at fastmail.com (Alexandre Souza) Date: Mon, 20 Jul 2015 18:21:21 -0300 Subject: [Flask] Welcome to the new Flask mailing list In-Reply-To: References: Message-ID: <1437427281.1993474.328606113.7E0E53BA@webmail.messagingengine.com> Cool. BTW, do you guys already have considered discourse? it is a heavier app, but is very nice too (works as a mailing list as well). =] [ ]'s -- Twitter: @_AleSou || GitHub: alexandre || Reddit: ubbersith -- [...]o sentido disso tudo ? que n?o h? sentido em tentar enlouquecer para impedir-se de ficar louco...guarde sua sanidade para mais tarde[...] - Douglas Adams On Mon, Jul 20, 2015, at 18:02, Jeff Widman wrote: > Welcome to the new Flask mailing list.? > > This list replaces the old librelist mailing list.? > > -- > * > Jeff Widman* > jeffwidman.com[1]?|?740-WIDMAN-J (943-6265) > <>< > ? > _________________________________________________ > Flask mailing list > Flask at python.org > https://mail.python.org/mailman/listinfo/flask Links: 1. http://www.jeffwidman.com/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From itsmeshantanu at hotmail.com Tue Jul 21 00:01:52 2015 From: itsmeshantanu at hotmail.com (Shantanoo Desai) Date: Mon, 20 Jul 2015 22:01:52 +0000 Subject: [Flask] =?utf-8?q?Help_with_Flask_Implementation?= Message-ID: Hello everyone, I am working on Sensor Networks and I need to Visualization tool which can help me observe the connected network. Luckily, there is an available tool designed in Flask and is a github repository. Though this request might sound a bit strange would someone be willing to help me out in understanding the code and trimming it down to a mere minimum(upto the point where I could use the visualization). I have been trying to understand the code and being a newbie at Flask, I haven't seem to get my head around it. I have decided to use the Skeleton HTML and CSS for display purpose and have found an interesting JavaScript application called Visjs, but since I am new to web developments, any guidance would be appreciated. the repository link for already implemented : https://github.com/malvira/bramble other links : www.getskeleton.com www.visjs.org Any help would be really appreciated. Thanks, Shan Sent from Windows Mail -------------- next part -------------- An HTML attachment was scrubbed... URL: From coreybrett at gmail.com Tue Jul 21 02:40:21 2015 From: coreybrett at gmail.com (Corey Boyle) Date: Mon, 20 Jul 2015 20:40:21 -0400 Subject: [Flask] is mailman storing my password? Message-ID: I just subscribed to this list, and received the "Welcome" email. I was a little annoyed to see my password in plain-text in the email. Is mailman storing my password? From scott.werner.vt at gmail.com Tue Jul 21 15:28:00 2015 From: scott.werner.vt at gmail.com (Scott Werner) Date: Tue, 21 Jul 2015 09:28:00 -0400 Subject: [Flask] is mailman storing my password? In-Reply-To: References: Message-ID: Yes when you subscribed to the mailing list at https://mail.python.org/mailman/listinfo/flask it warned you that it would be clear text. You may enter a privacy password below. This provides only mild security, > but should prevent others from messing with your subscription. Do not use a > valuable password as it will occasionally be emailed back to you in > cleartext. > > If you choose not to enter a password, one will be automatically generated > for you, and it will be sent to you once you've confirmed your > subscription. You can always request a mail-back of your password when you > edit your personal options. Once a month, your password will be emailed to > you as a reminder. On Mon, Jul 20, 2015 at 8:40 PM, Corey Boyle wrote: > I just subscribed to this list, and received the "Welcome" email. > I was a little annoyed to see my password in plain-text in the email. > > Is mailman storing my password? > _______________________________________________ > Flask mailing list > Flask at python.org > https://mail.python.org/mailman/listinfo/flask > -- Scott Werner 843-321-9598 scott.werner.vt at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From jason at unifiedthought.com Tue Jul 21 19:17:43 2015 From: jason at unifiedthought.com (Jason Harris) Date: Tue, 21 Jul 2015 19:17:43 +0200 Subject: [Flask] Control of werkzeug logging Message-ID: Hi I am using flask to serve an internal application on an embedded server. Ie the server and web page accessing the server reside on the same machine. I have enabled logging in my application and have something like: if __name__ == '__main__': myLogger = logging.getLogger('myLogger') myLogger.setLevel(logging.INFO) myLoggerHandler = logging.handlers.RotatingFileHandler("mylogFile.log", maxBytes= 2*1024*1024, backupCount=3) myLogger.addHandler(myLoggerHandler) app.logger.addHandler(myLoggerHandler) app.run(use_reloader=False) I want however to be able to turn off the messages that werkzeug? is posting with each request to flask. Ie the output is littered with 127.0.0.1 - - [18/Jul/2015 19:01:52] "GET /myPacket/ HTTP/1.1" 200 - 127.0.0.1 - - [18/Jul/2015 19:01:52] "GET /otherPacket/ HTTP/1.1" 200 - 127.0.0.1 - - [18/Jul/2015 19:01:53] "GET /otherPacket/ HTTP/1.1" 200 - 127.0.0.1 - - [18/Jul/2015 19:01:54] "GET /networkXYZ/ HTTP/1.1" 200 - 127.0.0.1 - - [18/Jul/2015 19:01:54] "GET /simulationXYZ/ HTTP/1.1" 200 - 127.0.0.1 - - [18/Jul/2015 19:01:54] "GET /otherPacket/ HTTP/1.1" 200 - 127.0.0.1 - - [18/Jul/2015 19:01:55] "GET /otherPacket/ HTTP/1.1" 200 - 127.0.0.1 - - [18/Jul/2015 19:01:56] "GET /networkXYZ/ HTTP/1.1" 200 - 127.0.0.1 - - [18/Jul/2015 19:01:56] "GET /simulationXYZ/ HTTP/1.1" 200 - Where myPacket, otherPacket, networkXYZ, simulationXYZ are routes in my application. How or where do I control the print out / logging of this information? Thanks! Jason From scott.werner.vt at gmail.com Tue Jul 21 21:20:19 2015 From: scott.werner.vt at gmail.com (Scott Werner) Date: Tue, 21 Jul 2015 15:20:19 -0400 Subject: [Flask] Control of werkzeug logging In-Reply-To: References: Message-ID: You can disable the werkzeug logger with: import logging log = logging.getLogger('werkzeug') # log.setLevel(logging.ERROR) log.disabled = True On Tue, Jul 21, 2015 at 1:17 PM, Jason Harris wrote: > Hi I am using flask to serve an internal application on an embedded > server. Ie the server and web page accessing the server reside on the same > machine. > > I have enabled logging in my application and have something like: > > if __name__ == '__main__': > myLogger = logging.getLogger('myLogger') > myLogger.setLevel(logging.INFO) > myLoggerHandler = logging.handlers.RotatingFileHandler("mylogFile.log", > maxBytes= 2*1024*1024, backupCount=3) > myLogger.addHandler(myLoggerHandler) > app.logger.addHandler(myLoggerHandler) > app.run(use_reloader=False) > > I want however to be able to turn off the messages that werkzeug? is > posting with each request to flask. Ie the output is littered with > > 127.0.0.1 - - [18/Jul/2015 19:01:52] "GET /myPacket/ HTTP/1.1" 200 - > 127.0.0.1 - - [18/Jul/2015 19:01:52] "GET /otherPacket/ HTTP/1.1" 200 - > 127.0.0.1 - - [18/Jul/2015 19:01:53] "GET /otherPacket/ HTTP/1.1" 200 - > 127.0.0.1 - - [18/Jul/2015 19:01:54] "GET /networkXYZ/ HTTP/1.1" 200 - > 127.0.0.1 - - [18/Jul/2015 19:01:54] "GET /simulationXYZ/ HTTP/1.1" 200 - > 127.0.0.1 - - [18/Jul/2015 19:01:54] "GET /otherPacket/ HTTP/1.1" 200 - > 127.0.0.1 - - [18/Jul/2015 19:01:55] "GET /otherPacket/ HTTP/1.1" 200 - > 127.0.0.1 - - [18/Jul/2015 19:01:56] "GET /networkXYZ/ HTTP/1.1" 200 - > 127.0.0.1 - - [18/Jul/2015 19:01:56] "GET /simulationXYZ/ HTTP/1.1" 200 - > > Where myPacket, otherPacket, networkXYZ, simulationXYZ are routes in my > application. How or where do I control the print out / logging of this > information? > > Thanks! > Jason > _______________________________________________ > Flask mailing list > Flask at python.org > https://mail.python.org/mailman/listinfo/flask > -- Scott Werner scott.werner.vt at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From pchtsp at gmail.com Wed Jul 22 00:04:46 2015 From: pchtsp at gmail.com (Franco Peschiera) Date: Wed, 22 Jul 2015 00:04:46 +0200 Subject: [Flask] using flask to build interactive web apps Message-ID: Hello everyone. I am starting with Web programming using flask. In python I have some experience but I am no expert. I've been trying a few small things in flask to get a grasp on the potential. What I am looking for is a way to use flask to create things similar to the kind of things I've already done with R language and the Shiny framework. With this framework it is possible to develop small but highly interactive pages that integrate via r packages with several javascript / html 5 libraries such as leaflet for maps and d3 for graphs (for me interactive is when you do not need to load the page again to get data from the server). I like the good integration flask has with databases and pages creation but would like to be able to include easily powerful javascript /html widgets without having to learn advanced javascript. So some questions are... - Where do I start if I need to build this kind of applications? - What do I need to learn /use to be able build applications that are similar to these ones using flask? - Is it that I need to learn a lot more javascript to create very good / complex templates to serve using flask? - How do I handle the Ajax calls from the page to the server to get data and do operations? - Is there similar python packages that complement flask in the same way there are R packages that complement Shiny such as leaflet and rCharts? - Is there some examples of web apps similar to what I describe built on flask? I am not sure what to look because I am not sure how to name them. Sorry for the load of questions and thanks for any small help you can give me. Franco -------------- next part -------------- An HTML attachment was scrubbed... URL: From kikocorreoso at gmail.com Wed Jul 22 01:44:22 2015 From: kikocorreoso at gmail.com (Kiko) Date: Wed, 22 Jul 2015 01:44:22 +0200 Subject: [Flask] using flask to build interactive web apps In-Reply-To: References: Message-ID: You can check out pyxley, spyre, bokeh, brython,... [1-2-3-4] For the last one check out how to interact with several js libs and how to make ajax calls in the brythonmagic repo [5]. [1] http://multithreaded.stitchfix.com/blog/2015/07/16/pyxley/ [2] https://github.com/adamhajari/spyre [3] http://bokeh.pydata.org/en/latest/ [4] http://www.brython.info [5] https://github.com/kikocorreoso/brythonmagic From mattfields.china at gmail.com Wed Jul 22 06:12:12 2015 From: mattfields.china at gmail.com (Matt Fields) Date: Wed, 22 Jul 2015 12:12:12 +0800 Subject: [Flask] using flask to build interactive web apps In-Reply-To: References: Message-ID: Those are some amazing libs. Thanks for sharing. On Wed, Jul 22, 2015 at 7:44 AM, Kiko wrote: > You can check out pyxley, spyre, bokeh, brython,... [1-2-3-4] For the > last one check out how to interact with several js libs and how to > make ajax calls in the brythonmagic repo [5]. > > [1] http://multithreaded.stitchfix.com/blog/2015/07/16/pyxley/ > [2] https://github.com/adamhajari/spyre > [3] http://bokeh.pydata.org/en/latest/ > [4] http://www.brython.info > [5] https://github.com/kikocorreoso/brythonmagic > _______________________________________________ > Flask mailing list > Flask at python.org > https://mail.python.org/mailman/listinfo/flask > -------------- next part -------------- An HTML attachment was scrubbed... URL: From pchtsp at gmail.com Wed Jul 22 10:21:31 2015 From: pchtsp at gmail.com (Franco Peschiera) Date: Wed, 22 Jul 2015 10:21:31 +0200 Subject: [Flask] [flask] Re: using flask to build interactive web apps In-Reply-To: References: Message-ID: Thank you very much Kiko! I will look into all the libraries you have mentioned with detail. (I am not sure if I have sent this mail multiple times: I had to register again to the previous mailing list). Sent from my netBook On Wed, Jul 22, 2015 at 7:17 AM, Franco Peschiera wrote: > Thank you very much Kiko! > Le 22 juil. 2015 06:17, "Matt Fields" a > ?crit : > >> Those are some amazing libs. Thanks for sharing. >> >> On Wed, Jul 22, 2015 at 7:44 AM, Kiko wrote: >> >>> You can check out pyxley, spyre, bokeh, brython,... [1-2-3-4] For the >>> last one check out how to interact with several js libs and how to >>> make ajax calls in the brythonmagic repo [5]. >>> >>> [1] http://multithreaded.stitchfix.com/blog/2015/07/16/pyxley/ >>> [2] https://github.com/adamhajari/spyre >>> [3] http://bokeh.pydata.org/en/latest/ >>> [4] http://www.brython.info >>> [5] https://github.com/kikocorreoso/brythonmagic >>> _______________________________________________ >>> Flask mailing list >>> Flask at python.org >>> https://mail.python.org/mailman/listinfo/flask >>> >> >> -------------- next part -------------- An HTML attachment was scrubbed... URL: From itsmeshantanu at hotmail.com Wed Jul 22 17:25:10 2015 From: itsmeshantanu at hotmail.com (itsmeshantanu) Date: Wed, 22 Jul 2015 17:25:10 +0200 Subject: [Flask] [flask][bcrypt] Help with Password hash Message-ID: Hello, I am trying to using bcrypt ?to hash my password for an application. Right now i am just comparing the password in the form directly with a string 'default' but i want to make an admin password with hash. Where should this configuration be? I have a config.py where csrf and secret key are located and i think this is the file where i could keep a default password for anyone to access the app for now.? I went through the documentation but i am confused.? Sent from Samsung mobile -------------- next part -------------- An HTML attachment was scrubbed... URL: From david at davidbaumgold.com Wed Jul 22 17:28:45 2015 From: david at davidbaumgold.com (David Baumgold) Date: Wed, 22 Jul 2015 11:28:45 -0400 Subject: [Flask] [flask][bcrypt] Help with Password hash In-Reply-To: References: Message-ID: Does this help??https://github.com/maxcountryman/flask-bcrypt From:?itsmeshantanu Reply:?itsmeshantanu > Date:?July 22, 2015 at 11:27:19 AM To:?flask at python.org > Subject:? [Flask] [flask][bcrypt] Help with Password hash Hello, I am trying to using bcrypt ?to hash my password for an application. Right now i am just comparing the password in the form directly with a string 'default' but i want to make an admin password with hash. Where should this configuration be? I have a config.py where csrf and secret key are located and i think this is the file where i could keep a default password for anyone to access the app for now.? I went through the documentation but i am confused.? Sent from Samsung mobile _______________________________________________ Flask mailing list Flask at python.org https://mail.python.org/mailman/listinfo/flask -------------- next part -------------- An HTML attachment was scrubbed... URL: From jeff at jeffwidman.com Wed Jul 22 20:44:58 2015 From: jeff at jeffwidman.com (Jeff Widman) Date: Wed, 22 Jul 2015 11:44:58 -0700 Subject: [Flask] [flask][bcrypt] Help with Password hash In-Reply-To: References: Message-ID: You may find `check_password_hash` from werkzeug helpful. Just modify this code snippet a little so it pulls the hash from your config.py file: http://flask.pocoo.org/snippets/54/ If you're just trying to lockdown the entire application, you can just set a password in nginx or apache. Or use nginx/apache to password protect in everything in /admin. It's a little more brittle since you're managing password security in a different piece of software, but for quick and dirty when you just need to protect a prototype before it goes live it's probably faster. On Wed, Jul 22, 2015 at 8:28 AM, David Baumgold wrote: > Does this help? https://github.com/maxcountryman/flask-bcrypt > > From: itsmeshantanu > > Reply: itsmeshantanu > > > Date: July 22, 2015 at 11:27:19 AM > To: flask at python.org > > Subject: [Flask] [flask][bcrypt] Help with Password hash > > Hello, > I am trying to using bcrypt to hash my password for an application. Right > now i am just comparing the password in the form directly with a string > 'default' but i want to make an admin password with hash. Where should this > configuration be? I have a config.py where csrf and secret key are located > and i think this is the file where i could keep a default password for > anyone to access the app for now. > I went through the documentation but i am confused. > > > > > > Sent from Samsung mobile > _______________________________________________ > Flask mailing list > Flask at python.org > https://mail.python.org/mailman/listinfo/flask > > > _______________________________________________ > Flask mailing list > Flask at python.org > https://mail.python.org/mailman/listinfo/flask > > -- *Jeff Widman* jeffwidman.com | 740-WIDMAN-J (943-6265) <>< -------------- next part -------------- An HTML attachment was scrubbed... URL: From jicenhower at yahoo.com Thu Jul 23 14:57:30 2015 From: jicenhower at yahoo.com (Jim Icenhower) Date: Thu, 23 Jul 2015 12:57:30 +0000 (UTC) Subject: [Flask] Setting global flag and keeping it in the session Message-ID: <891848412.1018281.1437656250601.JavaMail.yahoo@mail.yahoo.com> Hi,I'm a fairly new user of Python and Flask but I am a professional Java developer. I have started creating an app using the Flask Appbuilder. ?I would like to set a value from the user's login record (accountId) when he logs in and have it be available for queries on future hits during his session. I know I could include a join to the user's record to get accountId with every query but it seems it might be more efficient to store accountId in the session and add it to the WHERE clause of any queries. Also, it seems like handling session variables would be a good thing to know in general. Can anyone give me a clue about how to store and retrieve session variables? I've seen the g object but I'm not sure how to use it or if that's the best way to do this. I'm actually not sure that the g object persists across hits. Thanks for any help!?Jim -------------- next part -------------- An HTML attachment was scrubbed... URL: From tamasiaina at gmail.com Wed Jul 22 17:44:54 2015 From: tamasiaina at gmail.com (Jonathan Chen) Date: Wed, 22 Jul 2015 08:44:54 -0700 Subject: [Flask] Hello everybody Message-ID: I am glad that we are going to a different mailing list finally. ~Jonathan C. -------------- next part -------------- An HTML attachment was scrubbed... URL: From tamasiaina at gmail.com Sat Jul 25 19:21:48 2015 From: tamasiaina at gmail.com (Jonathan Chen) Date: Sat, 25 Jul 2015 10:21:48 -0700 Subject: [Flask] Setting global flag and keeping it in the session In-Reply-To: <891848412.1018281.1437656250601.JavaMail.yahoo@mail.yahoo.com> References: <891848412.1018281.1437656250601.JavaMail.yahoo@mail.yahoo.com> Message-ID: A quick tutorial of sessions can be found in the documentation here: http://flask.pocoo.org/docs/0.10/quickstart/#sessions There is a difference between g object and sessions. Sessions use cookies to store information. The neat thing with the session object is that you can interface it into another datastore like redis or mongo. The g object is attached to the request so information or data that you put into the g object does not persist between different requests while session object does. ~Jonathan C. On Thu, Jul 23, 2015 at 5:57 AM, Jim Icenhower via Flask wrote: > Hi, > I'm a fairly new user of Python and Flask but I am a professional Java > developer. > > I have started creating an app using the Flask Appbuilder. I would like > to set a value from the user's login record (accountId) when he logs in and > have it be available for queries on future hits during his session. I know > I could include a join to the user's record to get accountId with every > query but it seems it might be more efficient to store accountId in the > session and add it to the WHERE clause of any queries. > > Also, it seems like handling session variables would be a good thing to > know in general. > > Can anyone give me a clue about how to store and retrieve session > variables? I've seen the g object but I'm not sure how to use it or if > that's the best way to do this. I'm actually not sure that the g object > persists across hits. > > Thanks for any help! > > Jim > > _______________________________________________ > Flask mailing list > Flask at python.org > https://mail.python.org/mailman/listinfo/flask > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at mattshields.org Tue Jul 28 16:46:11 2015 From: matt at mattshields.org (Matt Shields) Date: Tue, 28 Jul 2015 10:46:11 -0400 Subject: [Flask] Database credentials in clear text Message-ID: So far as I've been developing all my credentials have been contained in a config.py file in clear text. Is there any way to not keep these in clear text or in a file in the application path? One of our .NET developers mentioned that when they are developing .NET apps, they put all their credentials into the Windows Locker and their app is authorized to get the credentials as needed. Matt -------------- next part -------------- An HTML attachment was scrubbed... URL: From tamasiaina at gmail.com Tue Jul 28 17:10:49 2015 From: tamasiaina at gmail.com (Jonathan Chen) Date: Tue, 28 Jul 2015 08:10:49 -0700 Subject: [Flask] Database credentials in clear text In-Reply-To: References: Message-ID: Yeah, I've had experience with a "credential wallet" type of product with Oracle applications. Nothing like that I know of exists currently for Python. For test/development it really doesn't matter if the cleartext is available there, but in production there are a few strategies that a devops person can do to make sure that it is more secure. One of the things that you should make sure to avoid is exposing the file by accident. Another thing that you could do is to have the credentials placed in the Python Path somewhere and have the config import it in. By doing that you can make sure that your DevOps people know the password, but the developers do not know. Other than typical database security there isn't much you can do to protect the config file from being viewed by a simple text editor. I believe that if you are using Apache, and I could be wrong, is that you need to make sure that your uwsgi file is not at the root of your app because it can expose your other files within your app folder. ~Jonathan C. On Tue, Jul 28, 2015 at 7:46 AM, Matt Shields wrote: > So far as I've been developing all my credentials have been contained in a > config.py file in clear text. Is there any way to not keep these in clear > text or in a file in the application path? > > One of our .NET developers mentioned that when they are developing .NET > apps, they put all their credentials into the Windows Locker and their app > is authorized to get the credentials as needed. > > Matt > > _______________________________________________ > Flask mailing list > Flask at python.org > https://mail.python.org/mailman/listinfo/flask > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From david at davidbaumgold.com Tue Jul 28 21:28:15 2015 From: david at davidbaumgold.com (David Baumgold) Date: Tue, 28 Jul 2015 15:28:15 -0400 Subject: [Flask] Database credentials in clear text In-Reply-To: References: Message-ID: I believe that what you?re looking for is called a ?secret broker?, and I don?t know of any that are implemented in Python. However, you could always use a secret broker implemented in another language, and just call out using the subprocess module. You should take a look at?https://vaultproject.io/?and?http://square.github.io/keywhiz/. David Baumgold From:?Matt Shields Reply:?Matt Shields > Date:?July 28, 2015 at 10:46:59 AM To:?flask at python.org > Subject:? [Flask] Database credentials in clear text So far as I've been developing all my credentials have been contained in a config.py file in clear text.? Is there any way to not keep these in clear text or in a file in the application path? One of our .NET developers mentioned that when they are developing .NET apps, they put all their?credentials?into the Windows Locker and their app is authorized to get the credentials as needed. Matt _______________________________________________ Flask mailing list Flask at python.org https://mail.python.org/mailman/listinfo/flask -------------- next part -------------- An HTML attachment was scrubbed... URL: From matt at gushee.net Wed Jul 29 00:34:31 2015 From: matt at gushee.net (Matt Gushee) Date: Tue, 28 Jul 2015 16:34:31 -0600 Subject: [Flask] Database credentials in clear text In-Reply-To: References: Message-ID: On Tue, Jul 28, 2015 at 9:10 AM, Jonathan Chen wrote: > Yeah, I've had experience with a "credential wallet" type of product with > Oracle applications. Nothing like that I know of exists currently for > Python. For test/development it really doesn't matter if the cleartext is > available there, but in production there are a few strategies that a devops > person can do to make sure that it is more secure. One of the things that > you should make sure to avoid is exposing the file by accident. Another > thing that you could do is to have the credentials placed in the Python > Path somewhere and have the config import it in. > And if you do store it in a file in your application directory, make sure you never check it in to version control. -- Matt Gushee -------------- next part -------------- An HTML attachment was scrubbed... URL: From and.damore at gmail.com Wed Jul 29 08:17:04 2015 From: and.damore at gmail.com (Andrea D'Amore) Date: Wed, 29 Jul 2015 08:17:04 +0200 Subject: [Flask] Database credentials in clear text In-Reply-To: References: Message-ID: On 28 July 2015 at 16:46, Matt Shields wrote: > So far as I've been developing all my credentials have been contained in a > config.py file in clear text. Is there any way to not keep these in clear > text or in a file in the application path? > One of our .NET developers mentioned that when they are developing .NET > apps, they put all their credentials into the Windows Locker and their app > is authorized to get the credentials as needed. You are possibly looking at something like python keyring [1], I'm not sure about Windows Locker but I wrote a small app that used the system's keychain on OS X and Debian. Notice that the latter used GNOME's keychain in graphical session but then when I connected via ssh the required environment vars weren't right there and keyring used a file storage into an own config folder, I took a while for me to figure why I wasn't finding the credentials I had already stored. [1] https://pypi.python.org/pypi/keyring -- Andrea