[SECURITY FIX] Potential database password leak while in DEBUG mode

4f1c8c44 · sim · 4380a775 · 4f1c8c44 · 4f1c8c44 · 4f1c8c44
Commit 4f1c8c44 authored Dec 07, 2017 by sim
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 3 deletions

env.py gargalembic/env.py +2 -1

settings.py gargantext/backend/settings.py +1 -1

db.py gargantext/util/db.py +1 -1

No files found.
--- a/gargalembic/env.py
+++ b/gargalembic/env.py
@@ -14,7 +14,8 @@ from gargantext import models
 # this is the Alembic Config object, which provides
 # access to the values within the .ini file in use.
 config = context.config
-config.set_main_option("sqlalchemy.url", settings.DATABASES['default']['URL'])
+config.set_main_option("sqlalchemy.url",
+    settings.DATABASES['default']['SECRET_URL'])
 # Interpret the config file for Python logging.
 # This line sets up loggers basically.

--- a/gargantext/backend/settings.py
+++ b/gargantext/backend/settings.py
@@ -131,7 +131,7 @@ DATABASES = {
        },
    }
 }
-DATABASES['default']['URL'] = \
+DATABASES['default']['SECRET_URL'] = \
    'postgresql+psycopg2://{USER}:{PASSWORD}@{HOST}:{PORT}/{NAME}'.format(
        **DATABASES['default']
    )

--- a/gargantext/util/db.py
+++ b/gargantext/util/db.py
@@ -10,7 +10,7 @@ from sqlalchemy import delete
 def get_engine():
    from sqlalchemy import create_engine
-    return create_engine( settings.DATABASES['default']['URL']
+    return create_engine( settings.DATABASES['default']['SECRET_URL']
                        , use_native_hstore = True
                        , json_serializer = json_dumps
                        , pool_size=20, max_overflow=0