security: untrack db.sqlite3, remove hardcoded admin credentials, add LICENSE#1
Open
Repetto-A wants to merge 1 commit into
Open
security: untrack db.sqlite3, remove hardcoded admin credentials, add LICENSE#1Repetto-A wants to merge 1 commit into
Repetto-A wants to merge 1 commit into
Conversation
…dd LICENSE and gitignore
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Security and housekeeping fixes for this public portfolio project.
Changes
git rm --cached db.sqlite3— stop tracking the SQLite database file (was committed to the repo)db.sqlite3and*.dbto.gitignoreto prevent re-committingadmin/testpasswordsection) — replaced withpython manage.py createsuperuserinstructionLICENSEfile (MIT) — README claimed MIT but no LICENSE file existedmedia/to.gitignoreWhy
A public repo with committed default credentials is a red flag to recruiters and a real (if minor) security smell. The db.sqlite3 file may contain seeded or test records that shouldn't be in version control.
Note
This does NOT purge db.sqlite3 from git history (that requires
git filter-repo). Since this is a portfolio/demo project with test data, stopping tracking is sufficient. If the DB contained real user data, history purge would be needed.