{"id":2135,"date":"2011-10-20T15:33:38","date_gmt":"2011-10-20T23:33:38","guid":{"rendered":"http:\/\/blog.mozilla.org\/webdev\/?p=2135"},"modified":"2011-10-21T08:40:32","modified_gmt":"2011-10-21T16:40:32","slug":"open-sourcing-your-django-site","status":"publish","type":"post","link":"https:\/\/blog.mozilla.org\/webdev\/2011\/10\/20\/open-sourcing-your-django-site\/","title":{"rendered":"Open sourcing your Django site"},"content":{"rendered":"<p><em>This is the first in series of posts, focusing on issues around open sourcing your Django site and data privacy in Django.<\/em><\/p>\n<p>A lot of people focus on open sourcing their Django libraries, but at Mozilla we open source the entire site. Releasing your entire source code can lead to a few problems, firstly let&#8217;s look at your Django settings file.<\/p>\n<h3>Separating your settings<\/h3>\n<p>All Django sites come with a <code>settings.py<\/code> file. This file contains some key settings that you should not be releasing to the general public, such as <a href=\"https:\/\/docs.djangoproject.com\/en\/dev\/ref\/settings\/#databases\">database configuration<\/a> and the <a href=\"https:\/\/docs.djangoproject.com\/en\/dev\/ref\/settings\/#secret-key\">secret key<\/a>. The simple way to do this is have another file that contains the secret settings and then import it from <code>settings.py<\/code>. For example include this at the bottom of your <code>settings.py<\/code>:<\/p>\n<p><script src=\"https:\/\/gist.github.com\/1287619.js\"> <\/script><\/p>\n<p>All your sensitive settings can now kept in that local file on your server and should not be published as part of your site code. This file will override the base settings file.<\/p>\n<p>There are plenty of other examples on different ways to do this. You can do it in <a href=\"https:\/\/github.com\/mozilla\/zamboni\/blob\/master\/manage.py#L39\">manage.py<\/a>, or turn your <code>settings.py<\/code> into a folder that Python can import. Make sure that you ignore your <code>settings_local.py<\/code> file in your source control.<\/p>\n<p>If you add in new settings, make sure you add them into the main <code>settings.py<\/code> file. Even if they are just empty strings, lists or whatever, it will mean that when you call <code>settings.SOME_KEY<\/code> in your code, you won&#8217;t have to cope with the setting not being present. There&#8217;s nothing more tedious than writing lots of <a href=\"http:\/\/docs.python.org\/library\/functions.html#getattr\">getattr<\/a> code to cope with that.<\/p>\n<h3>Viewing settings on the server<\/h3>\n<p>One downside of doing this is that you might not be sure what your settings are on the server. At Mozilla only the system administrators who manage and deploy our servers can see the contents of that file. But it&#8217;s still helpful to check the settings on the server. For that we wrote a settings page that lists them out.<\/p>\n<p>Django helps by providing a method that lists the settings, but obscures those really sensitive values:<\/p>\n<p><script src=\"https:\/\/gist.github.com\/1302651.js\"> <\/script><\/p>\n<p>On <a href=\"https:\/\/addons.mozilla.org\">addons.mozilla.org<\/a> we require an account to have certain privileges before showing the page. But even if that did get broken into, you wouldn&#8217;t know our <code>SECRET_KEY<\/code> or anything very useful. Here&#8217;s how that page looks:<\/p>\n<p><img decoding=\"async\" src=\"http:\/\/farm7.static.flickr.com\/6109\/6264561859_9e3631ca72_z.jpg\"><\/p>\n<p>Now that you&#8217;ve got your settings files ready, you can confidently open source your Django project safe that you won&#8217;t be leaking any key data.<\/p>\n<p><em>In the next blog post we&#8217;ll look at scrubbing personal data from your database.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is the first in series of posts, focusing on issues around open sourcing your Django site and data privacy in Django. A lot of people focus on open sourcing their Django libraries, but at Mozilla we open source the &hellip; <a class=\"go\" href=\"https:\/\/blog.mozilla.org\/webdev\/2011\/10\/20\/open-sourcing-your-django-site\/\">Continue reading<\/a><\/p>\n","protected":false},"author":271,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[288],"tags":[553],"coauthors":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Open sourcing your Django site - Mozilla Web Development<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.mozilla.org\/webdev\/2011\/10\/20\/open-sourcing-your-django-site\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Andy McKay\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.mozilla.org\/webdev\/2011\/10\/20\/open-sourcing-your-django-site\/\",\"url\":\"https:\/\/blog.mozilla.org\/webdev\/2011\/10\/20\/open-sourcing-your-django-site\/\",\"name\":\"Open sourcing your Django site - Mozilla Web Development\",\"isPartOf\":{\"@id\":\"https:\/\/blog.mozilla.org\/webdev\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/blog.mozilla.org\/webdev\/2011\/10\/20\/open-sourcing-your-django-site\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/blog.mozilla.org\/webdev\/2011\/10\/20\/open-sourcing-your-django-site\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/farm7.static.flickr.com\/6109\/6264561859_9e3631ca72_z.jpg\",\"datePublished\":\"2011-10-20T23:33:38+00:00\",\"dateModified\":\"2011-10-21T16:40:32+00:00\",\"author\":{\"@id\":\"https:\/\/blog.mozilla.org\/webdev\/#\/schema\/person\/7e1881db0e8a23a4a06695f8a0efd6b8\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.mozilla.org\/webdev\/2011\/10\/20\/open-sourcing-your-django-site\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.mozilla.org\/webdev\/2011\/10\/20\/open-sourcing-your-django-site\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/webdev\/2011\/10\/20\/open-sourcing-your-django-site\/#primaryimage\",\"url\":\"http:\/\/farm7.static.flickr.com\/6109\/6264561859_9e3631ca72_z.jpg\",\"contentUrl\":\"http:\/\/farm7.static.flickr.com\/6109\/6264561859_9e3631ca72_z.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.mozilla.org\/webdev\/2011\/10\/20\/open-sourcing-your-django-site\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.mozilla.org\/webdev\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Open sourcing your Django site\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.mozilla.org\/webdev\/#website\",\"url\":\"https:\/\/blog.mozilla.org\/webdev\/\",\"name\":\"Mozilla Web Development\",\"description\":\"For make benefit of glorious tubes\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.mozilla.org\/webdev\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.mozilla.org\/webdev\/#\/schema\/person\/7e1881db0e8a23a4a06695f8a0efd6b8\",\"name\":\"Andy McKay\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.mozilla.org\/webdev\/#\/schema\/person\/image\/96eb032e0f9fa78d076a49a55bf3cd09\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/ad304e7a7d4f6fba05a81b10810fe6fd?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/ad304e7a7d4f6fba05a81b10810fe6fd?s=96&d=mm&r=g\",\"caption\":\"Andy McKay\"},\"description\":\"Andy is an Engineering Manager at Mozilla. As a Canadian he tweets and blogs about curling, skiing, politics, maple syrup, bears and all things from the great white north.\",\"sameAs\":[\"http:\/\/mckay.pub\",\"https:\/\/x.com\/andymckay\"],\"url\":\"https:\/\/blog.mozilla.org\/webdev\/author\/amckaymozilla-com\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Open sourcing your Django site - Mozilla Web Development","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.mozilla.org\/webdev\/2011\/10\/20\/open-sourcing-your-django-site\/","twitter_misc":{"Written by":"Andy McKay","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/blog.mozilla.org\/webdev\/2011\/10\/20\/open-sourcing-your-django-site\/","url":"https:\/\/blog.mozilla.org\/webdev\/2011\/10\/20\/open-sourcing-your-django-site\/","name":"Open sourcing your Django site - Mozilla Web Development","isPartOf":{"@id":"https:\/\/blog.mozilla.org\/webdev\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.mozilla.org\/webdev\/2011\/10\/20\/open-sourcing-your-django-site\/#primaryimage"},"image":{"@id":"https:\/\/blog.mozilla.org\/webdev\/2011\/10\/20\/open-sourcing-your-django-site\/#primaryimage"},"thumbnailUrl":"http:\/\/farm7.static.flickr.com\/6109\/6264561859_9e3631ca72_z.jpg","datePublished":"2011-10-20T23:33:38+00:00","dateModified":"2011-10-21T16:40:32+00:00","author":{"@id":"https:\/\/blog.mozilla.org\/webdev\/#\/schema\/person\/7e1881db0e8a23a4a06695f8a0efd6b8"},"breadcrumb":{"@id":"https:\/\/blog.mozilla.org\/webdev\/2011\/10\/20\/open-sourcing-your-django-site\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.mozilla.org\/webdev\/2011\/10\/20\/open-sourcing-your-django-site\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/webdev\/2011\/10\/20\/open-sourcing-your-django-site\/#primaryimage","url":"http:\/\/farm7.static.flickr.com\/6109\/6264561859_9e3631ca72_z.jpg","contentUrl":"http:\/\/farm7.static.flickr.com\/6109\/6264561859_9e3631ca72_z.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/blog.mozilla.org\/webdev\/2011\/10\/20\/open-sourcing-your-django-site\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.mozilla.org\/webdev\/"},{"@type":"ListItem","position":2,"name":"Open sourcing your Django site"}]},{"@type":"WebSite","@id":"https:\/\/blog.mozilla.org\/webdev\/#website","url":"https:\/\/blog.mozilla.org\/webdev\/","name":"Mozilla Web Development","description":"For make benefit of glorious tubes","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.mozilla.org\/webdev\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.mozilla.org\/webdev\/#\/schema\/person\/7e1881db0e8a23a4a06695f8a0efd6b8","name":"Andy McKay","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.mozilla.org\/webdev\/#\/schema\/person\/image\/96eb032e0f9fa78d076a49a55bf3cd09","url":"https:\/\/secure.gravatar.com\/avatar\/ad304e7a7d4f6fba05a81b10810fe6fd?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ad304e7a7d4f6fba05a81b10810fe6fd?s=96&d=mm&r=g","caption":"Andy McKay"},"description":"Andy is an Engineering Manager at Mozilla. As a Canadian he tweets and blogs about curling, skiing, politics, maple syrup, bears and all things from the great white north.","sameAs":["http:\/\/mckay.pub","https:\/\/x.com\/andymckay"],"url":"https:\/\/blog.mozilla.org\/webdev\/author\/amckaymozilla-com\/"}]}},"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/blog.mozilla.org\/webdev\/wp-json\/wp\/v2\/posts\/2135"}],"collection":[{"href":"https:\/\/blog.mozilla.org\/webdev\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mozilla.org\/webdev\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/webdev\/wp-json\/wp\/v2\/users\/271"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mozilla.org\/webdev\/wp-json\/wp\/v2\/comments?post=2135"}],"version-history":[{"count":0,"href":"https:\/\/blog.mozilla.org\/webdev\/wp-json\/wp\/v2\/posts\/2135\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mozilla.org\/webdev\/wp-json\/wp\/v2\/media?parent=2135"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mozilla.org\/webdev\/wp-json\/wp\/v2\/categories?post=2135"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mozilla.org\/webdev\/wp-json\/wp\/v2\/tags?post=2135"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/blog.mozilla.org\/webdev\/wp-json\/wp\/v2\/coauthors?post=2135"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}