Simon Willison’s Weblog

Subscribe

Wednesday, 14th April 2021

TIL Using json_extract_path in PostgreSQL — The `json_extract_path()` function in PostgreSQL can be used to extract specific items from JSON - but I couldn't find documentation for the path language it uses.
14th Apr 2021, 12:29 am
Release django-sql-dashboard 0.8a0 — Django app for building dashboards using raw SQL queries
14th Apr 2021, 5:55 am
Release django-sql-dashboard 0.8a1 — Django app for building dashboards using raw SQL queries
14th Apr 2021, 6:09 am
Release django-sql-dashboard 0.8a2 — Django app for building dashboards using raw SQL queries
14th Apr 2021, 6:22 am

Why you shouldn’t use ENV variables for secret data (via) I do this all the time, but this article provides a good set of reasons that secrets in environment variables are a bad pattern—even when you know there’s no multi-user access to the host you are deploying to. The biggest problem is that they often get captured by error handling scripts, which may not have the right code in place to redact them. This article suggests using Docker secrets instead, but I’d love to see a comprehensive write-up of other recommended patterns for this that go beyond applications running in Docker.

# 6:22 pm / security

Monday, 12th April 2021
Thursday, 15th April 2021

2021 » April

MTWTFSS
   1234
567891011
12131415161718
19202122232425
2627282930