Opened 13 years ago

Closed 12 years ago

#631 closed enhancement (invalid)

Document common security precautions

Reported by: GrumpySimon
Owned by: Jacob
Component: Documentation
Version:
Severity: minor
Keywords:
Cc:
Triage Stage: Unreviewed
Has patch: no
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no


Some discussion of the security precautions needed (or not) during application development is, I think, essential for a web application framework.

For example:

  • What should people do to protect against SQL injection? Do we need to run an escaping on incoming data, or is it sanitised elsewhere?
  • What about Cross Site Scripting?
  • What type of queries should be avoided as hard on the database (e.g. is foo.get_object(pk=1, select_related=True) going to melt down your RDBMS)?
  • How is the admin section secured?
  • Has anyone completed a security audit of the backend code?

Change History (1)

comment:1 Changed 12 years ago by Simon G. <dev@…>

Resolution: invalid
Status: new → closed

Covered in the relevant sections of the docs and in the Django Book [1].
