Tags: python, django, django-settings

Is it secure to have a plain text password for my PostgreSQL connection in Django?


I am not sure whether it is secure to have a plain text password for my PostgreSQL database connection.

i.e.

In my "settings.py" file:

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',  # legacy alias; 'django.db.backends.postgresql' is the name used since Django 1.9
        'NAME': 'my_database',  # database name
        'USER': 'username',     # PostgreSQL user (role)
        'PASSWORD': 'plaintext password goes here',  # secret hard-coded in the source file
        'HOST': 'localhost',    # where the database is located
        'PORT': '',             # empty string = default PostgreSQL port (5432)
    }
}

If it is not secure please give more information about how to handle this situation.

Note: I am using HTTPS for my web page, but I just want to know whether I have to secure this as well, even if the connection is local.


Solution

  • No, it's not secure to keep the password as plain text in your source code. You may make your project open source and forget to remove the password from the repository, or you may copy code into an SO question :) and not remove the password. So it's better to keep the password and other secrets, for example SECRET_KEY, as environment variables. During development you can use the python-dotenv library for this. Your settings.py file will then look like this:

    import os
    from dotenv import load_dotenv

    # Read the .env file (kept out of version control) and put its entries into
    # os.environ; variables that are already set in the environment are left alone.
    load_dotenv()

    DATABASES = {
        'default': {
            'ENGINE': 'django.db.backends.postgresql_psycopg2',  # legacy alias; 'django.db.backends.postgresql' is the name used since Django 1.9
            'NAME': 'my_database',  # database name
            'USER': 'username',     # PostgreSQL user (role)
            'PASSWORD': os.environ.get('PASSWORD'),  # read from the environment, never written in the source
            'HOST': 'localhost',    # where the database is located
            'PORT': '',             # empty string = default PostgreSQL port (5432)
        }
    }
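As an added example (not code from the question or the answer above), here is a self-contained version of that approach. A small `.env` parser stands in for python-dotenv's `load_dotenv()` so the script runs without that package; `build_databases()` refuses to start when the password variable is missing, because `os.environ.get()` would otherwise silently hand Django `PASSWORD=None`; `redacted()` gives a copy of the setting that can be logged; and `dotenv_is_gitignored()` is a simplified check that the secrets file is excluded from the repository. The variable names (`DB_PASSWORD` and friends), the sample `.env` contents and all helper names are this example's own choices, not Django's or python-dotenv's.

```python
import os
import re
from fnmatch import fnmatch
from typing import Dict, Mapping


# Constructed sample .env contents: what a developer keeps locally and never commits.
SAMPLE_DOTENV = """
# local development secrets (this file is listed in .gitignore)
DB_NAME=my_database
DB_USER=username
DB_PASSWORD='s3cr3t p@ss'
export DB_HOST=localhost
DB_PORT=
"""

_ASSIGNMENT = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")


def parse_dotenv(text: str) -> Dict[str, str]:
    """Minimal KEY=VALUE parser in the spirit of python-dotenv (assumption: no
    multi-line values and no ${VAR} expansion). Blank lines and '#' comments are
    skipped, an optional 'export ' prefix is accepted, and one layer of matching
    quotes around the value is removed."""
    result: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        match = _ASSIGNMENT.match(line)
        if match is None:
            continue  # not an assignment; real python-dotenv would warn here
        key, value = match.group(1), match.group(2)
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        result[key] = value
    return result


def load_dotenv_text(text: str, override: bool = False) -> None:
    """Put the parsed entries into os.environ. As with load_dotenv(), variables the
    process already has win unless override=True, so values injected by the
    production process manager are not clobbered by a stray .env file."""
    for key, value in parse_dotenv(text).items():
        if override or key not in os.environ:
            os.environ[key] = value


class MissingSecret(RuntimeError):
    """Raised while settings are imported, so a misconfigured deployment fails at
    start-up instead of quietly connecting with PASSWORD=None."""


def build_databases(env: Mapping[str, str]) -> dict:
    """Build Django's DATABASES setting from a mapping (os.environ in practice).
    The password is mandatory; the other fields fall back to the local defaults
    used in the question. The variable names are this example's own choice."""
    password = env.get("DB_PASSWORD")
    if not password:
        raise MissingSecret("DB_PASSWORD is not set; refusing to start with an empty database password")
    return {
        "default": {
            "ENGINE": "django.db.backends.postgresql",
            "NAME": env.get("DB_NAME", "my_database"),
            "USER": env.get("DB_USER", "username"),
            "PASSWORD": password,
            "HOST": env.get("DB_HOST", "localhost"),
            "PORT": env.get("DB_PORT", ""),
        }
    }


def redacted(databases: dict) -> dict:
    """Copy of DATABASES that is safe to log or show on a debug page."""
    safe = {}
    for alias, config in databases.items():
        config = dict(config)
        if config.get("PASSWORD"):
            config["PASSWORD"] = "********"
        safe[alias] = config
    return safe


def dotenv_is_gitignored(gitignore_text: str, filename: str = ".env") -> bool:
    """Simplified .gitignore check (assumption: plain patterns, no negation or
    directory rules): True if some non-comment pattern matches the secrets file."""
    for raw in gitignore_text.splitlines():
        pattern = raw.strip().lstrip("/")
        if pattern and not pattern.startswith("#") and fnmatch(filename, pattern):
            return True
    return False


if __name__ == "__main__":
    load_dotenv_text(SAMPLE_DOTENV)          # development: .env -> environment
    DATABASES = build_databases(os.environ)  # production: env set by systemd/Docker/etc.
    print(redacted(DATABASES))
    print("'.env' ignored by git:", dotenv_is_gitignored(".env\n*.pyc\n"))
```

In production the `.env` file is not shipped at all; the process manager (systemd, Docker, the hosting platform) sets the variables, and `load_dotenv_text()` leaves those untouched. The concern the answer raises is the password ending up in source control, which is independent of whether the application is served over HTTPS or whether the database is on localhost.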