Update .gitignore for enhanced security and modify app.py to bind to localhost

Vijay Vishwakarma · Vijay Vishwakarma · commit 20ad0e00584c · 2025-08-29T22:41:20.000+05:30
diff --git a/.gitignore b/.gitignore
@@ -70,3 +70,20 @@ logs/
 # Test files
 test_*.py
 *_test.py
+
+# Security - Credential Protection
+*.env
+*production.env*
+*config/production.env*
+.env.*
+secrets.*
+credentials.*
+passwords.*
+*secrets*
+*credentials*
+config/production.env
+config/*.env
+
+# Flask session files
+flask_session/
+instance/
diff --git a/app.py b/app.py
@@ -1820,4 +1820,7 @@ def admin_remove_photo(user_dn):
 
 if __name__ == '__main__':
     # Production configuration - debug disabled for security
-    app.run(debug=False, host='0.0.0.0', port=5000)
+    # Bind to localhost only for security - use reverse proxy for external access
+    host = os.getenv('HOST', '127.0.0.1')  # Default to localhost, override via environment
+    port = int(os.getenv('PORT', '5000'))
+    app.run(debug=False, host=host, port=port)
