Opened 5 years ago

Closed 5 years ago

#13578 closed (wontfix)

Hack to prevent project files (passwords, etc.) from being served by some Apache (RFE)

Reported by: JonathanHayward
Owned by: nobody
Component: Documentation
Version: 1.1
Severity:
Keywords:
Cc:
Triage Stage: Unreviewed
Has patch: no
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings:
UI/UX:


For , users are strongly advised to store project files outside the directories served up by a server.

I'm not sure whether this should be advised in the documentation, but for Apache, if AllowOverride is enabled as it often is, a .htaccess file that contains a syntax error will cause an error page to be displayed on attempted access. If such a .htaccess file is included, there is an extra layer of protection. (This could be advised in the documentation or included in startproject.)


Change History (1)

comment:1 Changed 5 years ago by russellm

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to wontfix
  • Status changed from new to closed

Thanks for the suggestion, but I think that this is a bit out of scope for Django's tutorial. On the very first page of a tutorial, we don't want to get stuck into the specifics of Apache configuration. Advising people to keep their code out of their Apache root is a basic level of safety, but when people get to deployment for real, we want them to hunt down better sources of information.
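A check for the advice discussed in this ticket, keeping project files out of the directories a server serves, as an added example that is not part of the ticket or of Django: it walks a document root and reports Django project files reachable from it, including through symlinks. The filename list, function names and directory layout are assumptions constructed for the example.

```python
import os
import tempfile
from pathlib import Path

# Filenames that mark a Django project or hold secrets (assumed list for this example).
SENSITIVE_NAMES = {"settings.py", "manage.py", "local_settings.py", ".env"}


def exposed_project_files(document_root):
    """List sensitive files reachable under document_root, following symlinks.

    Following symlinks matches a server configured to follow them
    (for Apache, Options FollowSymLinks); that is an assumption here.
    """
    hits, seen = [], set()
    for dirpath, dirnames, filenames in os.walk(document_root, followlinks=True):
        real = os.path.realpath(dirpath)
        if real in seen:          # already visited: stop symlink loops
            dirnames[:] = []
            continue
        seen.add(real)
        hits += [Path(dirpath) / n for n in filenames if n in SENSITIVE_NAMES]
    return sorted(hits)


def demo():
    """Constructed layout: project stored outside the docroot, then symlinked in."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        docroot, project = base / "htdocs", base / "srv" / "mysite"
        docroot.mkdir()
        project.mkdir(parents=True)
        (docroot / "index.html").write_text("<h1>ok</h1>")
        (project / "settings.py").write_text("SECRET_KEY = 'constructed'")
        (project / "manage.py").write_text("# constructed")
        before = exposed_project_files(docroot)   # project is outside: nothing found
        (docroot / "app").symlink_to(project, target_is_directory=True)
        after = exposed_project_files(docroot)    # symlink pulls it into the served tree
        return before, [p.relative_to(docroot).as_posix() for p in after]


if __name__ == "__main__":
    print(demo())
```

A check that only compares the project's real path with the document root would report this layout as safe, which is why the walk follows symlinks from the served side.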
