

Tell HN: Django Github users,don't expose your EMAIL_HOST_PASSWORD - throwawaywoot

I dont know if there is a better way to share this but looks like some naive Django users might be exposing their email passwords. Django settings uses EMAIL_HOST_PASSWORD by default to store the password. Many people are hardcoding their passwords by using this.<p>https:&#x2F;&#x2F;github.com&#x2F;search?q=EMAIL_HOST_PASSWORD&amp;ref=searchresults&amp;type=Code
======
finnn
I feel someone should proly explain "the right way" to do it, which (as far as
I know) is something like what the first few results on that list do. Have a
settings.example.py or something in the git, then instruct the user to copy it
to settings.py and fill in the approiate values.

For example:

[https://github.com/dansackett/bucketlist/blob/d5eaf407d931ea...](https://github.com/dansackett/bucketlist/blob/d5eaf407d931eaf21f896b4f1208539a3e84451f/bucketlist/settings/local.py.example)

~~~
edavis
Environment variables work for this sort of thing:

EMAIL_HOST_PASSWORD = os.getenv('EMAIL_HOST_PASSWORD')

