chore(security): remove hardcoded security key
Remove hardcoded security key for flask. Use environment variable instead.
This commit is contained in:
@@ -6,3 +6,8 @@
|
||||
- **Q1.2**: The secret key for flask is hard coded. Is this good practice? What are the dangers? How could this be fixed?
|
||||
- **Q1.3**: Give a short description of *Linter*. Integrate a basic linter like [Flake8](https://flake8.pycqa.org/en/latest/) or [Ruff](https://github.com/astral-sh/ruff) in the existing CI/CD pipeline
|
||||
- **Q1.4 (optional)**: The run of the current CI/CD pipeline takes some time. Especially the time to setup the docker with the update and installation of all the dependencies is quite time consuming compared to the real testing time. Do you see any alternatives to speed up this process? Describe and try to implement it in your pipeline.
|
||||
|
||||
# Answers - Part 1
|
||||
## Q1.2
|
||||
- It's a very bad practice. The secret key will be exposed in the codebase and can be easily accessed by anyone who has access to the codebase. This can lead to security vulnerabilities and compromise the integrity of the application.
|
||||
- To fix this, you can use environment variables to store the secret key.
|
||||
|
||||
Reference in New Issue
Block a user