[Flask] Database credentials in clear text
matt at gushee.net
Wed Jul 29 00:34:31 CEST 2015
On Tue, Jul 28, 2015 at 9:10 AM, Jonathan Chen <tamasiaina at gmail.com> wrote:
> Yeah, I've had experience with a "credential wallet" type of product with
> Oracle applications. Nothing like that I know of exists currently for
> Python. For test/development it really doesn't matter if the cleartext is
> available there, but in production there are a few strategies that a devops
> person can do to make sure that it is more secure. One of the things that
> you should make sure to avoid is exposing the file by accident. Another
> thing that you could do is to have the credentials placed in the Python
> Path somewhere and have the config import it in.
And if you do store it in a file in your application directory, make sure
you never check it in to version control.
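As an added example (not part of the original thread, and not Flask's own code), one way to act on both pieces of advice is to load the credentials through a helper that refuses a file that is readable by other users or tracked in git. The `KEY=VALUE` file format, the file name and the function names are assumptions made for this sketch.

```python
import os
import stat
import subprocess
import tempfile
from pathlib import Path

class UnsafeCredentialFile(Exception):
    """The credentials file is stored or shared in an unsafe way."""

def tracked_by_git(path):
    """True if git reports `path` as a tracked (checked-in) file."""
    try:
        result = subprocess.run(
            ["git", "ls-files", "--error-unmatch", path.name],
            cwd=path.parent, capture_output=True, timeout=10)
    except (OSError, subprocess.SubprocessError):
        return False  # git unavailable: cannot tell, so do not block startup
    # Exit code 0 means tracked; untracked files and non-repositories fail.
    return result.returncode == 0

def load_db_credentials(path):
    """Parse KEY=VALUE lines (assumed format) after checking the file is private."""
    path = Path(path).resolve()
    mode = path.stat().st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise UnsafeCredentialFile(f"{path} is accessible to group/other; chmod 600 it")
    if tracked_by_git(path):
        raise UnsafeCredentialFile(f"{path} is checked in to version control")
    creds = {}
    for line in path.read_text().splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            creds[key.strip()] = value.strip()
    return creds  # in a Flask app: app.config.update(creds)

if __name__ == "__main__":
    # Constructed sample file with placeholder values, for demonstration only.
    sample = Path(tempfile.mkdtemp()) / "db_credentials.env"
    sample.write_text("DB_USER=app\nDB_PASSWORD=not-a-real-secret\n")
    os.chmod(sample, 0o600)
    print(sorted(load_db_credentials(sample)))
```

The permission check relies on POSIX file modes, so it is only meaningful on Unix-like hosts.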