id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
14201	"Add a ""security overview"" page to the docs"	Russell Keith-Magee	David Fischer	"We should have a single place in the docs that addresses security issues, in the same vein as the [http://docs.djangoproject.com/en/dev/topics/db/optimization/ discussion on database optimization].

This is to highlight problems that aren't security issues, but could lead to security issues if not addressed or understood adequately.

Example topics: 
 * How XSS is handled
 * How CSRF is handled
 * Limitations of Django's CSRF handling with MitM attacks and with untrusted subdomains.
 * Server configuration issues that should be kept in mind (e.g., keeping code out of the server root, throttling file upload size, cf. #14192).
"	New feature	closed	Documentation	1.2	Normal	fixed	security	djfische@…	Ready for checkin	1	0	0	0	0	0
