Security¶
Note
Had some things to do so did not get a chance to focus on this talk
by Paul McMillon
- Security expert since 1998
- Just now a core developer of Django
SSL - safe and secure¶
Are you doing it right?
- Standard way is to redirect from HTTP to HTTPS
- That doesn’t stop images on HTTP from sneaking in cookies
- Use HTTPS secure cookies!
- Use HTTP Strict Transport Secruity (HSTS)
Use django-secure¶
- Identifies these issues
Don’t put your database in your github repo¶
- Django needs better hashing
- Even on open source projects