COMP3297 Software Engineering Department of Computer Science The University of
Individual Assignment 1: Deploying into Production 2 Quarantine Data Dashboard
After deploying a development version of your application successfully, you need to harden it a little for actual use in production. In this second worksheet you¡¯ll close some small remaining security vulnerabilities by adjusting application settings and/or storing them outside of your application¡¯s source code.
It is good practice to store these settings in environment variables. On Heroku you¡¯ll use config vars, just as you did in the previous worksheet to disable collectstatic.
Copyright By PowCoder代写 加微信 powcoder
You¡¯ll use the environs library to parse environment variables. This will also be useful in your groupwork to parse details needed to connect to the Postgres database provisioned by Heroku. Heroku stores those details in an environment variable.
1. Install environs.
Install it with Django support, as follows:
pipenv install environs[django]
In settings.py: Add the following import statement and code. A convenient place to add it is after the first import statement:
If you did not use Pipenv, remember to add the new dependency to requirements.txt
2. Set environment variables for added security in production.
Although you could do this from the Heroku CLI, just as you did for DISABLE_COLLECTSTATIC, let¡¯s use the Heroku Dashboard, and then you can decide which you prefer.
Login to the Heroku website, and you should now be in your Dashboard.
Click the app name to go to the app¡¯s Overview page. There, click Settings and then Reveal Config Vars
i) We want to move the application¡¯s SECRET_KEY (used by Django for many purposes) from where it is visible in settings.py and access it as a config var instead.
Add a new config vars key, QDD_SECRET_KEY (or similar), as shown, and set its value to your actual secret key from settings.py. You can add any other environment variables you wish in the same way.
Then, in settings.py: Set the value of SECRET_KEY from the config var. For example:
ii) Also, in settings.py, set DEBUG to False. It is currently True and would reveal detailed debug information to users following a problem in production.
Or you could set a config var, like QDD_DEBUG, with a value of 0 such that you can easily revert when needed. Thus:
3. Commit and push your changes to your Heroku remote and you are…DONE!!
程序代写 CS代考 加微信: powcoder QQ: 1823890830 Email: powcoder@163.com