Details
-
Type: Task
-
Status: Closed (View Workflow)
-
Priority: Major
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: None
-
Labels:None
-
Story Points:4
-
Epic Link:
-
Sprint:Spring 5 : 16 Mar to 27 Mar, Spring 6 : 30 Mar to Apr 10, Spring 7 : 13 Apr to 24 Apr, Spring 8 : 24 Apr to 8 May, Spring 8 : 11 May to 25 May, Spring 9 : 25 May to 8 Jun
Description
Task: Investigate and implement changes to increase our security pre deployment. For example, the endpoint for refreshing the app info (SyncAppDataToBioViz) needs to require some kind of password that only the BioViz Connect team has access to.
We also need to make sure the various server databases have sufficiently strong passwords.
Check the Django settings.py status of debug. When I was getting ready to deploy connect.bioviz.org, the settings.ini had debug set to false, but this was not being propagated to settings.py, as Django still thought that debug was enabled. I had to override debug in settings.py to convince Django to not be in debug mode.
EDIT:
Chaitanya fixed it:
oh, i think i know whats going wrong, the config('debug') is being treated as String which is True and hence showing Debug page
could you please try replacing the debug line in settings.py with this line
DEBUG = config('DEBUG', default=False, cast=bool)
casting the config to bool before using it