I'm using github for open-source development of some web2py apps and want to make sure I'm not exposing any data that would be a security risk. As far as I can tell, the sensitive pieces of data in a standard app would be:
- email account information (by default in db.py)
- any recaptcha keys (by default in db.py)
- the private/auth.key file

What about the Auth.settings.hmac_key that appears in my db.py? (As you can tell, I'm not familiar with much of how these encryption schemes work.) Anything else that I'm missing?

My plan is to have db.py read any sensitive data from a text file on the server, in a folder that isn't shared on github.

Ian
--
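The plan described in the post, reading the secrets from a file that lives outside the git tree, worked out as an added example (not code from the post or from web2py itself). It assumes an INI-style file with a `[secrets]` section and a hypothetical path `/etc/web2py/myapp-secrets.ini`; the web2py setting names in the trailing comments are the standard ones, the values are constructed placeholders.

```python
import configparser
import os
import stat

# Constructed sample of the secrets file kept outside the repository
# (e.g. /etc/web2py/myapp-secrets.ini on the server). Not real keys.
SAMPLE_SECRETS = """
[secrets]
hmac_key = sha512:REPLACE-WITH-A-LONG-RANDOM-VALUE
mail_login = user@example.com:REPLACE-WITH-MAIL-PASSWORD
recaptcha_public_key = REPLACE-WITH-RECAPTCHA-PUBLIC-KEY
recaptcha_private_key = REPLACE-WITH-RECAPTCHA-PRIVATE-KEY
"""

REQUIRED = ("hmac_key", "mail_login",
            "recaptcha_public_key", "recaptcha_private_key")


def parse_secrets(text):
    """Parse the [secrets] section and refuse to continue if any required
    value is missing, so a misconfigured server fails loudly instead of
    silently running with an empty hmac_key or no mail credentials."""
    # '=' only: values such as 'sha512:...' and 'user:password' contain ':'
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    parser.read_string(text)
    if not parser.has_section("secrets"):
        raise ValueError("secrets file has no [secrets] section")
    secrets = dict(parser["secrets"])
    missing = [k for k in REQUIRED if not secrets.get(k)]
    if missing:
        raise ValueError("missing secrets: " + ", ".join(missing))
    return secrets


def load_secrets(path):
    """Read the file, first checking it is readable by its owner only."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError("%s is group/world accessible (mode %o); "
                              "chmod 600 it" % (path, mode))
    with open(path) as fh:
        return parse_secrets(fh.read())

# In models/db.py the values would replace the literals (path is an assumption):
#   secrets = load_secrets('/etc/web2py/myapp-secrets.ini')
#   auth.settings.hmac_key = secrets['hmac_key']
#   mail.settings.login = secrets['mail_login']
#   auth.settings.captcha = Recaptcha(request, secrets['recaptcha_public_key'],
#                                     secrets['recaptcha_private_key'])
```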