Opened 7 years ago
Closed 7 years ago
#29025 closed New feature (wontfix)
Security middleware for insecure (HTTP) connections
Reported by: | Vishwas Mittal | Owned by: | Vishwas Mittal |
---|---|---|---|
Component: | HTTP handling | Version: | 2.0 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Hello everyone,
I am starting my contribution to Django and I would like to propose a security middleware that can provide some layer of security even in HTTP connections by encrypting the request and response.
Here I will implement an SSL type feature in the backend and will also provide a corresponding frontend implementation that can be used to complete the encryption-decryption couple.
Please share your thoughts and valuable suggestions, I will appreciate any type of help I can get from you.
P.S. This is just a brief intro about the feature, if you like this and feels something achievable then we can discuss it in detail.
Regards
Vishwas
Change History (6)
comment:1 by , 7 years ago
Owner: | changed from | to
---|
follow-up: 3 comment:2 by , 7 years ago
comment:3 by , 7 years ago
Replying to Aymeric Augustin:
Why should Django reinvent HTTPS instead of simply recommend to use it?
Sometimes many users (including me) uses their Django server on the computer only (for local networks) this can pose some problem of security and sometimes for some servers (say for non-commercial purposes) the server can be HTTP.
Here I am not saying to use it every time, there can be a check if the network is not HTTPS then we can use it's protection else just bypass it.
follow-up: 5 comment:4 by , 7 years ago
There already exists 3rd party app(s) that does the job. (https://github.com/teddziuba/django-sslserver being one example).
I don't see much of enhancement over that library and it seems to be relatively solid implementation for development purposes.
comment:5 by , 7 years ago
Replying to Jani Tiainen:
There already exists 3rd party app(s) that does the job. (https://github.com/teddziuba/django-sslserver being one example).
I don't see much of enhancement over that library and it seems to be relatively solid implementation for development purposes.
And it's standard HTTPS, no need to have anything special "frontend" or "backend".
Yeah, you are right! I didn't find this type of apps earlier. Thanks for your suggestions.
comment:6 by , 7 years ago
Resolution: | → wontfix |
---|---|
Status: | assigned → closed |
The django-developers discussion hasn't yielded a consensus to incorporate this into Django.
Why should Django reinvent HTTPS instead of simply recommend to use it?