Issue 1: Insecure database reset in production #1
Description
Title: reset_db.py: Missing environment check prevents dropping production databases
Body:
The reset_db.py script lacks a robust check to prevent accidental execution against a production database. While the script uses environment variables, it doesn't have a mechanism (like a flag) to confirm the user's intent to reset the database, especially in a production environment. A rogue execution of this script against the production database could lead to catastrophic data loss.
To mitigate this, implement a double-check mechanism or a confirmation prompt that requires explicit user input. For example, an environment variable, like ALLOW_PRODUCTION_RESET=false, could be used, and the script would only proceed if that variable is set to true and the user provides an interactive confirmation.
Example code to add to the beginning of reset_db.py:
# Check if in production and prevent accidental reset
if os.getenv('FLASK_ENV') == 'production':
allow_reset = os.getenv('ALLOW_PRODUCTION_RESET', 'false').lower() == 'true'
if not allow_reset:
print("ERROR: You are attempting to reset a PRODUCTION database. This is highly discouraged.")
print("To proceed, set the environment variable ALLOW_PRODUCTION_RESET=true AND confirm the reset.")
confirmation = input("Are you absolutely sure you want to proceed? (yes/no): ").lower()
if confirmation != 'yes':
print("Database reset aborted.")
exit(1)