Opened 19 years ago

Closed 18 years ago

#631 closed enhancement (invalid)

Document common security precautions

Reported by: GrumpySimon Owned by: Jacob
Component: Documentation Version:
Severity: minor Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Some discussion of the security precautions needed ( or not ) during application development is, I think, essential for a web application framework.

For example:

  • what should people do to protect against SQL injection? Do we need to run an escaping on incoming data or is it sanitised elsewhere?
  • What about Cross Site Scripting?
  • What type of queries should be avoided as hard on the database ( e.g. is foo.get_object( pk=1, select_related=True ) going to melt down your RDBMS ).
  • How is the admin section secured?
  • Has anyone completed a security audit of the backend code?


Change History (1)

comment:1 by Simon G. <dev@…>, 18 years ago

Resolution: invalid
Status: newclosed

Covered in the relevant sections of the docs and in the Django Book [1].

[1] http://www.djangobook.com/en/beta/chapter20/

Note: See TracTickets for help on using tickets.
Back to Top