Passwords in source ? #271
Description
I came across this article and I noticed that you have your database password hardcoded in the source. If this is being used in production, it should be changed. Even if it isn't, I think it's a good idea to remove the environment variables altogether from the source and pass them as a file that's not in source code and is shipped using a secure method.
I would be happy to contribute the change. Please let me know if this project is still alive