[SECURITY FIX] Potential database password leak while in DEBUG mode

349b2ba3 · sim · 679973e8 · 349b2ba3 · 349b2ba3 · 349b2ba3
Commit 349b2ba3 authored Dec 07, 2017 by sim
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 3 deletions

env.py alembic/env.py +2 -1

settings.py gargantext/settings.py +1 -1

db.py gargantext/util/db.py +1 -1

No files found.
--- a/alembic/env.py
+++ b/alembic/env.py
@@ -18,7 +18,8 @@ from gargantext import settings, models
 # this is the Alembic Config object, which provides
 # access to the values within the .ini file in use.
 config = context.config
-config.set_main_option("sqlalchemy.url", settings.DATABASES['default']['URL'])
+config.set_main_option("sqlalchemy.url",
+    settings.DATABASES['default']['SECRET_URL'])

 # Interpret the config file for Python logging.
 # This line sets up loggers basically.

--- a/gargantext/settings.py
+++ b/gargantext/settings.py
@@ -158,7 +158,7 @@ DATABASES = {
        },
    }
 }
-DATABASES['default']['URL'] = \
+DATABASES['default']['SECRET_URL'] = \
    'postgresql+psycopg2://{USER}:{PASSWORD}@{HOST}:{PORT}/{NAME}'.format(
        **DATABASES['default']
    )

--- a/gargantext/util/db.py
+++ b/gargantext/util/db.py
@@ -10,7 +10,7 @@ from sqlalchemy import delete

 def get_engine():
    from sqlalchemy import create_engine
-    return create_engine( settings.DATABASES['default']['URL']
+    return create_engine( settings.DATABASES['default']['SECRET_URL']
                        , use_native_hstore = True
                        , json_serializer = json_dumps
                        , pool_size=20, max_overflow=0