diff --git a/Large-app-how-to.md b/Large-app-how-to.md
index c056b4b..5d20b4b 100644
--- a/Large-app-how-to.md
+++ b/Large-app-how-to.md
@@ -1,10 +1,12 @@
 This document is an attempt to describe the first step of a large project structure with flask and some basic modules:
+
 * SQLAlchemy
 * WTF (What The Form)
 
 Please feel free to fix and add you own tips.
 
 # Installation
+
 ## Flask
 [http://flask.pocoo.org/docs/installation/](Flask Installation)
 I recommend using virtual env: easy and allow multiple environment on the same machine and doesn't even require you to have super user right on the machine (as the libs are localy installed).
@@ -64,4 +66,36 @@ We'll create 4 modules, a user module (manage user's registration, login, passwo
 
     os.environ['PYTHONINSPECT'] = 'True'
 
+`config.py` will be storing all the module configurations. Here, the database is setup to use SQLite, because it's a very convenient dev env database. Most likely `config.py` won't be a part of your repository and will be different on your test and production servers.
 
+    import os
+    _basedir = os.path.abspath(os.path.dirname(__file__))
+
+    DEBUG = False
+
+    ADMINS = frozenset(['youremail@yourdomain.com'])
+    SECRET_KEY = 'SecretKeyForSessionSigning'
+
+    SQLALCHEMY_DATABASE_URI = 'sqlite:///' + os.path.join(_basedir, 'app.db')
+    DATABASE_CONNECT_OPTIONS = {}
+
+    THREADS_PER_PAGE = 8
+
+    CSRF_ENABLED=True
+    CSRF_SESSION_KEY="somethingimpossibletoguess"
+
+    RECAPTCHA_USE_SSL = False
+    RECAPTCHA_PUBLIC_KEY = 'blahblahblahblahblahblahblahblahblah'
+    RECAPTCHA_PRIVATE_KEY = 'blahblahblahblahblahblahprivate'
+    RECAPTCHA_OPTIONS = {'theme': 'white'}
+
+    del os
+
+* `_basedir` is a trick for you to get the folder where the script is run
+* `DEBUG` indicate that it is a dev environment, you'll get the very helpful error page from flask when an error occur.
+* `SECRET_KEY` will be use to sign the cookies. Change it and all your user will have to login again.
+* `ADMINS`
+* `SQLALCHEMY_DATABASE_URI` and `DATABASE_CONNECT_OPTIONS` are SQLAlchemy connection options (hard to guess )
+* `THREAD_PAGE` my understanding was 2/core... might be wrong :)
+* `CSRF_ENABLED` `CSRF_SESSION_KEY` is protecting against form post fraud
+* WTF comes with REPCAPTCHA field ready to use... just need to go to repcatcha website and get your public and private key.
\ No newline at end of file