From the course: Secure Coding in Python
Flask secrets - Python Tutorial
Flask secrets
Flask offers lots of flexibility when it comes to your app's configuration. Now, security misconfiguration is OWASP Top 10's fifth vulnerability, and when we have lots of flexibility, we have to be really careful and make deliberate choices about how we configure our application. One of the important things in configuring our application is keeping our secret key safe. Keeping the secret key safe is crucial to session content integrity, and it should be kept out of source code and source control. It also must be random.

Let's go ahead and set our application's secret key. So here, after I have instantiated my app, I'm going to go ahead and make some space here. And I'll go ahead and say, with open a file named secret_key.txt, and it's read mode, as f, and that's going to reference my file. app.secret_key is f.read, and I'll also invoke strip. Now, keep in mind, this is not an ideal location for a production application. We're doing this for this demonstration. In production, once…
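
A stricter take on the file-based loading described above, as an added example that is not code from the course: it creates the key with Python's secrets module and refuses to load a key file that is too short or readable by other users. The helper names and the 64-character minimum are assumptions made for this sketch.

```python
import os
import secrets
import stat
import tempfile

MIN_KEY_CHARS = 64  # assumption: 32 random bytes, hex-encoded


def generate_key_file(path):
    """Write a fresh random key, owner-readable only; never overwrite."""
    # O_EXCL makes creation fail if the file exists, so a key already in
    # use (and the sessions signed with it) is not silently replaced.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(secrets.token_hex(MIN_KEY_CHARS // 2))


def load_secret_key(path):
    """Read and strip the key as in the transcript, rejecting unsafe files."""
    mode = os.stat(path).st_mode
    # On POSIX, any group/other permission bit means other accounts on the
    # host could read the key and forge signed session cookies.
    if os.name == "posix" and mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is accessible to group or others")
    with open(path, "r") as f:
        key = f.read().strip()
    # Catches empty files and short placeholder values left in the file.
    if len(key) < MIN_KEY_CHARS:
        raise ValueError(f"{path} holds a key shorter than {MIN_KEY_CHARS} chars")
    return key


if __name__ == "__main__":
    # Constructed demo in a temporary directory; a real app would keep
    # secret_key.txt outside the repository and list it in .gitignore.
    with tempfile.TemporaryDirectory() as d:
        key_path = os.path.join(d, "secret_key.txt")
        generate_key_file(key_path)
        key = load_secret_key(key_path)
        # In the Flask app: app.secret_key = load_secret_key("secret_key.txt")
        print("loaded key of", len(key), "characters")
```

Failing at startup on a weak or exposed key file is deliberate: a Flask app that starts with a guessable secret key still serves sessions, just ones an attacker can sign.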