0
0
Djangoframework~20 mins

SECRET_KEY and security settings in Django - Practice Problems & Coding Challenges

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf
Challenge - 5 Problems
🎖️
Django Security Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
🧠 Conceptual
intermediate
1:30remaining
Why is the SECRET_KEY important in Django?
What is the main purpose of the SECRET_KEY in a Django project?
AIt stores the database connection password securely.
BIt is used to encrypt user passwords in the database.
CIt signs cookies and tokens to protect against tampering.
DIt controls the debug mode of the Django application.
Attempts:
2 left
💡 Hint
Think about what needs to be protected from being changed by attackers.
component_behavior
intermediate
1:30remaining
Effect of DEBUG=True on security
What happens if you leave DEBUG = True in your Django settings on a public website?
ADetailed error pages with sensitive info are shown to all users.
BThe site runs faster because debugging is enabled.
CThe SECRET_KEY is automatically hidden from logs.
DThe database connection is encrypted automatically.
Attempts:
2 left
💡 Hint
Consider what information an attacker might see if debugging is on.
📝 Syntax
advanced
2:00remaining
Correct way to set SECRET_KEY in settings.py
Which option correctly sets the SECRET_KEY in Django's settings.py using an environment variable with a fallback?
ASECRET_KEY = os.environ['DJANGO_SECRET_KEY'] or 'defaultsecret'
BSECRET_KEY = os.getenv('DJANGO_SECRET_KEY', 'defaultsecret')
CSECRET_KEY = os.get('DJANGO_SECRET_KEY', 'defaultsecret')
DSECRET_KEY = os.environ.get('DJANGO_SECRET_KEY') ?? 'defaultsecret'
Attempts:
2 left
💡 Hint
Check the correct method to get environment variables with a default value in Python.
🔧 Debug
advanced
1:30remaining
Identify the error in this security setting
What error will this Django setting cause?
SECURE_SSL_REDIRECT = 'True'
ATypeError because the value should be a boolean, not a string.
BSyntaxError due to quotes around True.
CRuntimeWarning about insecure connection.
DNo error; the setting works as expected.
Attempts:
2 left
💡 Hint
Check the data type expected for this setting.
state_output
expert
2:00remaining
Result of missing SECRET_KEY in production
What happens when you run a Django project in production mode without setting a SECRET_KEY?
ADjango generates a random SECRET_KEY each time the server starts.
BDjango disables session and cookie security features silently.
CDjango runs normally but logs a warning about missing SECRET_KEY.
DDjango raises an ImproperlyConfigured error and refuses to start.
Attempts:
2 left
💡 Hint
Think about how critical SECRET_KEY is for Django's security.