Opened 6 years ago

Closed 6 years ago

#29025 closed New feature (wontfix)

Security middleware for insecure (HTTP) connections

Reported by: Vishwas Mittal Owned by: Vishwas Mittal
Component: HTTP handling Version: 2.0
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Hello everyone,

I am starting my contribution to Django and I would like to propose a security middleware that can provide some layer of security even in HTTP connections by encrypting the request and response.

Here I will implement an SSL type feature in the backend and will also provide a corresponding frontend implementation that can be used to complete the encryption-decryption couple.

Please share your thoughts and valuable suggestions, I will appreciate any type of help I can get from you.

P.S. This is just a brief intro about the feature, if you like this and feels something achievable then we can discuss it in detail.

Regards
Vishwas

Change History (6)

comment:1 by Vishwas Mittal, 6 years ago

Owner: changed from nobody to Vishwas Mittal

comment:2 by Aymeric Augustin, 6 years ago

Why should Django reinvent HTTPS instead of simply recommend to use it?

in reply to:  2 comment:3 by Vishwas Mittal, 6 years ago

Replying to Aymeric Augustin:

Why should Django reinvent HTTPS instead of simply recommend to use it?

Sometimes many users (including me) uses their Django server on the computer only (for local networks) this can pose some problem of security and sometimes for some servers (say for non-commercial purposes) the server can be HTTP.

Here I am not saying to use it every time, there can be a check if the network is not HTTPS then we can use it's protection else just bypass it.

comment:4 by Jani Tiainen, 6 years ago

There already exists 3rd party app(s) that does the job. (https://github.com/teddziuba/django-sslserver being one example).

I don't see much of enhancement over that library and it seems to be relatively solid implementation for development purposes.

And it's standard HTTPS, no need to have anything special "frontend" or "backend".

Last edited 6 years ago by Jani Tiainen (previous) (diff)

in reply to:  4 comment:5 by Vishwas Mittal, 6 years ago

Replying to Jani Tiainen:

There already exists 3rd party app(s) that does the job. (https://github.com/teddziuba/django-sslserver being one example).

I don't see much of enhancement over that library and it seems to be relatively solid implementation for development purposes.

And it's standard HTTPS, no need to have anything special "frontend" or "backend".

Yeah, you are right! I didn't find this type of apps earlier. Thanks for your suggestions.

comment:6 by Tim Graham, 6 years ago

Resolution: wontfix
Status: assignedclosed

The django-developers discussion hasn't yielded a consensus to incorporate this into Django.

Note: See TracTickets for help on using tickets.
Back to Top