id: 631
summary: Document common security precautions
reporter: GrumpySimon
owner: Jacob
description:
Some discussion of the security precautions needed (or not) during application development is, I think, essential for a web application framework. For example:
* What should people do to protect against SQL injection? Do we need to run an escaping on incoming data or is it sanitised elsewhere?
* What about Cross Site Scripting?
* Is there an equivalent of something like PHP's http://www.php.net/htmlspecialchars to sanitise potentially dodgy user inputted text?
* What type of queries should be avoided as hard on the database (e.g. is foo.get_object( pk=1, select_related=True ) going to melt down your RDBMS)?
* How is the admin section secured?
* Has anyone completed a security audit of the backend code?
type: enhancement
status: closed
component: Documentation
version:
severity: minor
resolution: invalid
keywords:
cc:
stage: Unreviewed
has_patch: 0
needs_docs: 0
needs_tests: 0
needs_better_patch: 0
easy: 0
ui_ux: 0