========
Security
========

Security files
--------------

A very simple way to make sure that passwords are not pushed in your VCS
is to exclude any file matching ``myproject/security*``. It would also
be a good idea to reduce the access to such files by removing read
rights for users other than the one running django.


VCS
---

Files that should not be pushed to your VCS are:

* ``env.py`` : to allow for multiple environments to run at the same
  time. If you're using git, you can add ``myproject/env.py`` in
  ``.gitignore``.
* any security file : repeat after me, **any** security data in your VCS
  is a **bad idea**. If you're using git you can add
  ``myproject/security*.py`` in ``.gitignore``.