On Sun, Nov 14, 2010 at 1:23 PM, John Fabiani <jo...@jfcomputer.com> wrote: > On Sunday, November 14, 2010 09:19:01 am Shawn Milochik wrote: >> It's definitely possible. I've seen that myself before. >> >> Shawn > > While in this runserver mode is my database password exposed? > > Johnf
I don't think there's any way they can get that. However, the development server is not tested for security and not meant to be used in any situation which requires any security. It wouldn't hurt to change your database password. What command were you running to execute the development server? By default it only serves your app on port 8000, and to localhost only. You'd have to explicitly serve it on a publicly-accessible port and allow access to clients other than 127.0.0.1. Is your development server publicly accessible? Most people do their development on a machine behind a NAT router, which should be pretty safe unless you're explicitly forwarding ports to your personal computer. Shawn -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-us...@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
