Add a "security overview" page to the docs
|Reported by:||russellm||Owned by:||davidfischer|
|Cc:||djfische@…||Triage Stage:||Ready for checkin|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
We should have a single place in the docs that addresses security issues, in the same vein as the discussion on database optimization.
This is to highlight problems that aren't security issues, but could lead to security issues if not addressed or understood adequately.
- How XSS is handled
- How CSRF is handled
- Limitations of Django's CSRF handling with MitM attacks and with untrusted subdomains.
- Server configuration issues that should be kept in mind (e.g., keeping code out of the server root, throttling file upload size, cf. #14192).
Change History (13)
comment:1 Changed 5 years ago by russellm
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
- Triage Stage changed from Unreviewed to Accepted
Changed 5 years ago by db
comment:3 Changed 5 years ago by graham_king
- Keywords security added
- Severity set to Normal
- Type set to New feature
comment:7 Changed 5 years ago by davidfischer
- Has patch set
- Owner changed from nobody to davidfischer
Changed 5 years ago by davidfischer
comment:10 Changed 5 years ago by lukeplant
- Triage Stage changed from Accepted to Ready for checkin
- UI/UX unset