Graham Dumpleton
grahamd at dscpl.com.au
Thu Mar 2 16:41:11 EST 2006
Deron Meranda wrote ..
> On 3/2/06, Nicolas Lehuen <nicolas at lehuen.com> wrote:
> > For example :
> >
> > # index.py
> > # BAD !
> > secret_password = "foobar"
>
> Or even better yet, if your code must know about secret passwords
> (which is common for opening database connections, etc.), use
> something like,
>
> # index.py
> _secret_password = open('.secret','r').read().strip()
>
> and then store the password itself in the file ".secret".
>
> The leading dot in the filename will insure that Apache won't serve
> that file up with the default apache config. [Somebody correct me
> if this is different for Windows].

Stand corrected then. Using a leading dot doesn't protect it on UNIX like
systems. The only safe way is to not put it in the directory in the first
place.

BTW, that code wouldn't work anyway, as you use a relative path but working
directory will not actually be that directory so it will not find it.

Graham
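Added example, not part of the original post or of mod_python: one way to act on both points above, reading the secret through an absolute path and refusing any file that sits inside the served directory. The names `load_secret`, `SecretPathError`, `demo`, `htdocs`, `private` and `db_password` are hypothetical, and the file-permission check is an extra hardening step beyond what the post discusses.

```python
import os
import stat
import tempfile


class SecretPathError(Exception):
    """Raised when the secret file is somewhere it could be exposed."""


def load_secret(secret_path, served_root):
    """Read a secret from an absolute path that lies outside served_root."""
    # Relative paths resolve against the working directory, not the script's.
    if not os.path.isabs(secret_path):
        raise SecretPathError("secret path must be absolute")
    real_secret = os.path.realpath(secret_path)
    real_root = os.path.realpath(served_root)
    # A leading dot is no protection: refuse anything under the served tree.
    if os.path.commonpath([real_secret, real_root]) == real_root:
        raise SecretPathError("secret file is inside the served directory")
    # POSIX-only check: refuse files accessible to group or others.
    if os.name == "posix":
        mode = stat.S_IMODE(os.stat(real_secret).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise SecretPathError("secret file mode %o is too open" % mode)
    with open(real_secret, "r") as handle:
        return handle.read().strip()


def demo():
    """Exercise each case against a constructed layout in a temp directory."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        served = os.path.join(base, "htdocs")    # stands in for the served dir
        private = os.path.join(base, "private")  # outside the served dir
        for folder, name in ((served, ".secret"), (private, "db_password")):
            os.mkdir(folder)
            path = os.path.join(folder, name)
            with open(path, "w") as handle:
                handle.write("constructed-sample-value\n")
            os.chmod(path, 0o600)
        results["outside"] = load_secret(os.path.join(private, "db_password"), served)
        for label, path in (("dotfile", os.path.join(served, ".secret")),
                            ("relative", ".secret")):
            try:
                load_secret(path, served)
                results[label] = "loaded"
            except SecretPathError:
                results[label] = "refused"
    return results
```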