Opened 10 years ago

Closed 8 years ago

#631 closed enhancement (invalid)

Document common security precautions

Reported by: GrumpySimon Owned by: jacob
Component: Documentation Version:
Severity: minor Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

Some discussion of the security precautions needed ( or not ) during application development is, I think, essential for a web application framework.

For example:

  • what should people do to protect against SQL injection? Do we need to run an escaping on incoming data or is it sanitised elsewhere?
  • What about Cross Site Scripting?
  • What type of queries should be avoided as hard on the database ( e.g. is foo.get_object( pk=1, select_related=True ) going to melt down your RDBMS ).
  • How is the admin section secured?
  • Has anyone completed a security audit of the backend code?


Change History (1)

comment:1 Changed 8 years ago by Simon G. <dev@…>

  • Resolution set to invalid
  • Status changed from new to closed

Covered in the relevant sections of the docs and in the Django Book [1].

[1] http://www.djangobook.com/en/beta/chapter20/

Note: See TracTickets for help on using tickets.
Back to Top