A handy security checklist
Security is not an afterthought but is instead integral to the way you write applications. However, being human, it is handy to have a checklist to remind you of the common omissions.
The following points are a bare minimum of security checks that you should perform before making your Django application public:
- Don't trust data from a browser, API, or any outside sources: This is a fundamental rule. Make sure you validate and sanitize any outside data.
- Don't keep `SECRET_KEY` in version control: As a best practice, pick `SECRET_KEY` from the environment. Check out the `django-environ` package.
- Don't store passwords in plain text: Store your application password hashes instead. Add a random salt as well.
- Don't log any sensitive ...
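As an added illustration of the `SECRET_KEY` and password-hash items above (example code, not from the book), the following uses only the Python standard library: `load_secret_key` mirrors what `django-environ` does when it reads a setting from the environment, and `hash_password`/`verify_password` show the salted PBKDF2 scheme behind Django's default password hasher (in a real project you would call `django.contrib.auth.hashers.make_password` / `check_password`; the function names, the 50-character minimum and the hex-encoded storage format are assumptions made here).

```python
import hashlib
import hmac
import os
import secrets

# Django's generated SECRET_KEY is 50 characters; anything shorter is assumed
# to be a placeholder such as "changeme" checked in by mistake.
MIN_SECRET_KEY_LENGTH = 50


def load_secret_key(environ=None):
    """Read SECRET_KEY from the environment and refuse to start without one.

    Reading it here instead of hard-coding it in settings.py keeps the key
    out of version control; failing loudly avoids silently running with
    an empty or default key in production.
    """
    environ = os.environ if environ is None else environ
    key = environ.get("SECRET_KEY", "")
    if len(key) < MIN_SECRET_KEY_LENGTH:
        raise RuntimeError("SECRET_KEY is missing or too short; set it in the environment")
    return key


# PBKDF2 work factor; Django raises its own default with each release.
PBKDF2_ITERATIONS = 600_000


def hash_password(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Return "pbkdf2_sha256$<iterations>$<salt>$<hex digest>" for storage.

    A fresh random salt per password means two users with the same password
    get different stored values, and precomputed tables are useless.
    """
    salt = salt or secrets.token_hex(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return f"pbkdf2_sha256${iterations}${salt}${digest.hex()}"


def verify_password(password, encoded):
    """Re-derive the hash with the stored salt and compare in constant time."""
    algorithm, iterations, salt, digest = encoded.split("$", 3)
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), int(iterations))
    # hmac.compare_digest avoids leaking where the first mismatching byte is.
    return hmac.compare_digest(candidate.hex(), digest)
```

The iteration count is a parameter so tests can run quickly; never lower it in the stored hashes themselves.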