id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
17101	Add --deploy option to check management command	Carl Meyer	Tim Graham	"There has been discussion of integrating something similar to [http://pypi.python.org/pypi/django-secure django-secure] into Django core, to help users check some common deployment mis-configurations. We probably want to use a name like ""checkdeploy"" rather than ""checksecure"", both to allow for a broader range of checks to be included, and to avoid giving users a false sense that a successful runs means their code is secure.

This would include checking SESSION_COOKIE_SECURE, SESSION_COOKIE_HTTPONLY, X_FRAME_OPTIONS (and the middleware); these are all things which django-secure currently checks.

It could also include checking for common python path issues, existence of 500/404 templates (if you're using the default 404/500 handlers)...

And of course it should be pluggable so third-party apps can provide additional checks that users can include (and users should be able to disable built-in checks if they determine it doesn't apply to them for whatever reason)."	New feature	closed	Core (Management commands)	dev	Normal	fixed			Accepted	1	0	0	0	0	0