id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
631	Document common security precautions	GrumpySimon	Jacob	"Some discussion of the security precautions needed ( or not ) during application development is, I think, essential for a web application framework. 

For example:

 * What should people do to protect against SQL injection? Do we need to run escaping on incoming data, or is it sanitised elsewhere?
 * What about Cross Site Scripting?
  * Is there an equivalent of something like PHP's http://www.php.net/htmlspecialchars to sanitise potentially dodgy user-inputted text?
 * What type of queries should be avoided as hard on the database ( e.g. is foo.get_object( pk=1, select_related=True ) going to melt down your RDBMS ). 
 * How is the admin section secured?
 * Has anyone completed a security audit of the backend code? 

 "	enhancement	closed	Documentation		minor	invalid			Unreviewed	0	0	0	0	0	0
