Vetsi bezpecnost tajneho session key

2015-05-14 02:46:15 +02:00 · 2015-05-14 02:46:15 +02:00 · 14b678f111
commit 14b678f111
parent b14b92c5eb
2 changed files with 3 additions and 3 deletions
--- a/mamweb/settings_common.py
+++ b/mamweb/settings_common.py
@ -155,7 +155,7 @@ try:
    with open(os.path.join(os.path.dirname(__file__), '..', 'django.secret')) as f:
        SECRET_KEY = f.readline().strip()
 except:
-    SECRET_KEY = ')^u=i65*zmr_k53a*@f4q_+ji^o@!pgpef*5&8c7zzdqwkdlkj'
+    SECRET_KEY = '12345zmr_k53a*@f4q_+ji^o@!pgpef*5&8c7zzdqwkdlkj'

 # MaM specific

--- a/mamweb/settings_prod.py
+++ b/mamweb/settings_prod.py
@ -8,14 +8,14 @@ INSTALLED_APPS += (
    )

 # SECURITY WARNING: keep the secret key used in production secret!
-#SECRET_KEY = TODO
+assert not SECRET_KEY.startswith('12345')

 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = False

 TEMPLATE_DEBUG = False

-ALLOWED_HOSTS = ['mam.mff.cuni.cz']
+ALLOWED_HOSTS = ['mam.mff.cuni.cz', 'www.mam.mff.cuni.cz', 'atrey.karlin.mff.cuni.cz']

 # Database
 # https://docs.djangoproject.com/en/1.7/ref/settings/#databases