Oops I Committed My Secret Key
Philip James
Lightning talk given at DjangoCon US 2016
1.
Oops I Committed My Secret Key
Philip James
@phildini
https://www.wordfugue.com
2.
$ django-admin.py startproject bestthingever
$ git init
$ git add .
$ git commit -m "Initial commit"
$ git push origin master
3.
4.
Wait, have I?
5.
YES.
Signed Cookies
Secure Sessions
Password Reset Tokens
6.
What do I do?
7.
import os
import warnings

from django.core.exceptions import ImproperlyConfigured


def get_env_variable(var_name):
    """ Get the environment variable or return exception """
    try:
        return os.environ[var_name]
    except KeyError:
        error_msg = "Set the %s env variable" % var_name
        # Assumes DEBUG is defined earlier in this settings module.
        # With DEBUG on, a missing variable only warns and returns None.
        if DEBUG:
            warnings.warn(error_msg)
        else:
            raise ImproperlyConfigured(error_msg)
8.
SECRET_KEY = get_env_variable("SECRET_KEY")
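A check for the mistake on slide 2, added here as an example and not part of the talk: `startproject` writes a literal `SECRET_KEY` into settings.py, so this parses a settings file and reports where the key is still a literal or a literal fallback. The function names and the sample settings text are constructed for illustration.

```python
import ast

# Constructed sample settings module (not from the talk); keys are dummies.
SAMPLE = '''\
import os
DEBUG = True
SECRET_KEY = "constructed-sample-not-a-real-key"
SECRET_KEY = os.environ.get("SECRET_KEY", "constructed-dev-fallback")
SECRET_KEY = get_env_variable("SECRET_KEY")
'''

def _embeds_literal(value):
    """True if the expression carries a key in the source itself."""
    if isinstance(value, ast.Constant):
        # Non-empty str/bytes literal assigned directly.
        return isinstance(value.value, (str, bytes)) and len(value.value) > 0
    if isinstance(value, ast.BinOp):
        # Literal pieces joined with + or %.
        return _embeds_literal(value.left) or _embeds_literal(value.right)
    if isinstance(value, ast.Call):
        # Heuristic: a literal second argument or default= is a committed
        # fallback, e.g. os.environ.get("SECRET_KEY", "dev-key").
        fallbacks = value.args[1:2] + [
            kw.value for kw in value.keywords if kw.arg == "default"
        ]
        return any(_embeds_literal(f) for f in fallbacks)
    return False

def find_hardcoded_secrets(source, names=("SECRET_KEY",)):
    """Return sorted (name, line) pairs where a setting gets a literal value."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Assign):
            continue
        for target in node.targets:
            if (isinstance(target, ast.Name) and target.id in names
                    and _embeds_literal(node.value)):
                findings.append((target.id, node.lineno))
    return sorted(findings, key=lambda f: f[1])

if __name__ == "__main__":
    for name, line in find_hardcoded_secrets(SAMPLE):
        print(f"line {line}: {name} is hardcoded; load it from the environment")
```

A finding in a file that has already been pushed means the key is in the repository history, so it still has to be replaced with a new one.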
9.
How do I get a new key?
10.
http://www.miniwebtool.com/django-secret-key-generator/
$ python manage.py shell
>>> from django.utils.crypto import get_random_string
>>> get_random_string(length=50)
11.
What about my users?
12.
Optional: No permanent key
13.
Thanks.
@phildini
http://bit.ly/secret-key
Come back at 1:15PM for “Cat on yer head”!