Are backend .py files for a web app accessible to the public?

I have a web app which would let a reddit user update their subreddit flair via a web form. The config file for this app contains login info, including the password for a mod account in plaintext, as well as the api_key and client secret. Is this secure and safe to deploy, or will someone be able to navigate to that config file, read it, and get the credentials?

Someone will only be able to access your files if you serve them from a static files directory or if you have some code in your web app that serves the file. As long as you're not doing that you're safe.

So if it's sitting in my home/mysite/ directory, next to the .py that has the Flask stuff? Is that a static directory?

If you make it a static directory from your web app configuration page, then it's a static directory. Otherwise it's not.

Sorry for the newbness. I have nothing in my 'static files' list under the web app page, so then it's good, right?

Yes, that's fine.

Thanks!
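
The check discussed in this thread can be run before deploying. This is an added example, not code from any poster: it walks each configured static files mapping and reports the URL at which any backend or config file would be served. The suffix list, the function names, the `/files/` mapping and the sample layout are assumptions constructed for the example.

```python
import os
import tempfile
from pathlib import Path

# Suffixes treated as sensitive here (an assumption; adjust to your project).
SENSITIVE_SUFFIXES = {".py", ".cfg", ".ini", ".env", ".json", ".yaml", ".yml"}


def is_sensitive(name):
    # pathlib reports no suffix for a name like ".env", so compare the name too.
    p = Path(name)
    return p.suffix.lower() in SENSITIVE_SUFFIXES or p.name.lower() in SENSITIVE_SUFFIXES


def exposed_files(static_mappings):
    """Map each sensitive file under a static directory to the URL serving it.

    static_mappings: {url_prefix: directory}, as listed in the web app's
    static files configuration.
    """
    found = {}
    for url_prefix, directory in static_mappings.items():
        root = Path(directory).resolve()
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if is_sensitive(name):
                    full = Path(dirpath) / name
                    rel = full.relative_to(root).as_posix()
                    found[str(full)] = url_prefix.rstrip("/") + "/" + rel
    return found


def build_sample_site(base):
    """Constructed layout: Flask app and config side by side, plus static/."""
    site = Path(base) / "mysite"
    (site / "static").mkdir(parents=True)
    (site / "flask_app.py").write_text("# flask routes\n")
    (site / "config.py").write_text("PASSWORD = 'placeholder'\n")
    (site / "static" / "style.css").write_text("body {}\n")
    return site


def demo():
    with tempfile.TemporaryDirectory() as base:
        site = build_sample_site(base)
        # A mapping to a dedicated static directory serves nothing sensitive.
        safe = exposed_files({"/static/": site / "static"})
        # Mapping the whole project directory as static would serve config.py.
        risky = exposed_files({"/files/": site})
        return safe, sorted(risky.values())
```

An empty static files list corresponds to calling `exposed_files({})`, which returns nothing. The script does not cover the other case named in the answer, a route in the app itself that reads and returns a file.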