Ticket #29800: doc_update.diff

File doc_update.diff, 1.0 KB (added by Sam Kuffer, 5 years ago)
  • docs/topics/security.txt

    diff --git a/docs/topics/security.txt b/docs/topics/security.txt
    index 549b473988..694bd3040e 100644
    a b security protection of the Web server, operating system and other components.  
    281281  list`_ which identifies some common vulnerabilities in web applications. While
    282282  Django has tools to address some of the issues, other issues must be
    283283  accounted for in the design of your project.
     284* Django's dev server (as well as other application servers such as Gunicorn)
     285  are vulnerable to `slow loris attacks`_. For this reason it is recommended
     286  to use a reverse proxy (`like nginx`_) for your deployment.
    284287
    285288.. _LimitRequestBody: https://httpd.apache.org/docs/2.4/mod/core.html#limitrequestbody
    286289.. _Top 10 list: https://www.owasp.org/index.php/Top_10-2017_Top_10
     290.. _slow loris attacks: https://en.wikipedia.org/wiki/Slowloris_(computer_security
     291.. _like nginx: https://uwsgi.readthedocs.io/en/latest/tutorials/Django_and_nginx.html#basic-nginx
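
Review bot: the `slow loris attacks` link target on added line 290 is missing its closing parenthesis (`.../wiki/Slowloris_(computer_security`), so the URL as written is malformed; it should end in `Slowloris_(computer_security)`. In the new bullet at lines 284-286, listing the dev server next to Gunicorn reads as if the dev server were a deployment option that only needs a proxy in front of it. Consider dropping it from this bullet, or rewording so the reverse-proxy recommendation clearly applies to production application servers. The reference label `like nginx` on line 291 is also misleading, since its target is a section of a uWSGI tutorial rather than nginx documentation. A label that names what the link points to would be clearer.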