The most robust way to manage production settings is via environment variables. Following the 12-Factor App methodology, your code should be agnostic of its environment.
Ensure cookies are only sent over encrypted connections (SESSION_COOKIE_SECURE = True).
Restrict your application to only respond to specific domain names or IP addresses. This prevents HTTP Host header attacks.
Instead of having a settings_production.py file checked into Git, your code should look for: DATABASE_URL = os.environ.get('DATABASE_URL')
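
The three settings above, loaded from the environment and failing closed when a value is missing or unsafe. This is an added example, not code from the original page: the function load_production_settings, the ConfigError class, and the choice of ALLOWED_HOSTS (Django's setting for host restriction) as a comma-separated environment variable are assumptions, and the sample values are constructed.

```python
import os


class ConfigError(RuntimeError):
    """Raised when a required production setting is missing or unsafe."""


def _parse_bool(raw, name):
    value = raw.strip().lower()
    if value in ("1", "true", "yes", "on"):
        return True
    if value in ("0", "false", "no", "off"):
        return False
    raise ConfigError(f"{name} must be a boolean, got {raw!r}")


def load_production_settings(env=os.environ):
    """Build Django-style settings from environment variables, failing closed."""
    # Required: no default, so a missing value stops startup instead of
    # silently falling back to a development database.
    database_url = env.get("DATABASE_URL")
    if not database_url:
        raise ConfigError("DATABASE_URL is not set")

    # Comma-separated host names or IPs; empty entries are dropped.
    hosts = [h.strip() for h in env.get("ALLOWED_HOSTS", "").split(",") if h.strip()]
    if not hosts:
        raise ConfigError("ALLOWED_HOSTS is not set")
    if "*" in hosts:
        # A wildcard disables Host header validation entirely.
        raise ConfigError("ALLOWED_HOSTS must not contain '*'")

    # Secure by default; must be turned off explicitly.
    cookie_secure = _parse_bool(env.get("SESSION_COOKIE_SECURE", "true"),
                                "SESSION_COOKIE_SECURE")
    return {
        "DATABASE_URL": database_url,
        "ALLOWED_HOSTS": hosts,
        "SESSION_COOKIE_SECURE": cookie_secure,
    }


if __name__ == "__main__":
    # Constructed sample environment, not real credentials.
    sample = {"DATABASE_URL": "postgres://app:example@db.internal:5432/app",
              "ALLOWED_HOSTS": "example.com, www.example.com"}
    print(load_production_settings(sample))
```

In a settings module, the returned values would be assigned to the matching settings names at import time, so a misconfigured deployment fails at startup rather than serving requests.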