This repository was archived by the owner on Oct 3, 2025. It is now read-only.

Remove default SECRET_KEY #244

@rougeth


While reviewing the environment variables defined on Heroku (reference apyb/tarefas#60), I noticed that SECRET_KEY was not set. Reading settings.py, I saw that this variable has a default value defined in the site's source code.

We need to remove the default value of SECRET_KEY.

Warning

Keep this value secret.

Running Django with a known SECRET_KEY defeats many of Django’s security protections, and can lead to privilege escalation and remote code execution vulnerabilities.

Django documentation on SECRET_KEY: https://docs.djangoproject.com/en/4.0/ref/settings/#std:setting-SECRET_KEY

SECRET_KEY = decouple.config(
    'SECRET_KEY',
    default='yc!+ii!psza0mi)&vnn_rdsip5ipdyr(0w8hjllxw6p)!wgo1e'
)
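A fail-closed way to load the key, as an added example that is not the project's code or part of the original issue: it refuses to start when SECRET_KEY is unset and also rejects the value that was published in the repository, since removing the default does not un-leak it. The helper name `load_secret_key`, the local `ImproperlyConfigured` stand-in and the plain-dict environments are assumptions made so the example runs without Django or python-decouple.

```python
import secrets


class ImproperlyConfigured(Exception):
    """Stand-in for django.core.exceptions.ImproperlyConfigured (no Django needed here)."""


# Any value that was committed to a public repository is compromised, so removing
# the default is not enough: the old value must also be refused if someone copies
# it into the environment. This is the default quoted in the issue.
LEAKED_KEYS = frozenset({"yc!+ii!psza0mi)&vnn_rdsip5ipdyr(0w8hjllxw6p)!wgo1e"})

# Same thresholds as Django's deploy check security.W009.
MIN_LENGTH = 50
MIN_UNIQUE_CHARS = 5
INSECURE_PREFIX = "django-insecure-"


def load_secret_key(environ):
    """Return SECRET_KEY from `environ` (hypothetical helper); raise instead of falling back."""
    key = environ.get("SECRET_KEY", "")
    if not key:
        raise ImproperlyConfigured("SECRET_KEY is not set; refusing to start")
    if key in LEAKED_KEYS:
        raise ImproperlyConfigured("SECRET_KEY was published in the repository; rotate it")
    if key.startswith(INSECURE_PREFIX):
        raise ImproperlyConfigured("SECRET_KEY is a Django development placeholder")
    if len(key) < MIN_LENGTH or len(set(key)) < MIN_UNIQUE_CHARS:
        raise ImproperlyConfigured("SECRET_KEY is too short or too repetitive")
    return key


if __name__ == "__main__":
    # Constructed environments for illustration; settings.py would pass os.environ.
    samples = {
        "unset": {},
        "leaked default": {"SECRET_KEY": next(iter(LEAKED_KEYS))},
        "fresh key": {"SECRET_KEY": secrets.token_urlsafe(50)},
    }
    for name, env in samples.items():
        try:
            load_secret_key(env)
            print(f"{name}: accepted")
        except ImproperlyConfigured as exc:
            print(f"{name}: rejected ({exc})")
```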
