mirror of
https://github.com/django/django.git
synced 2024-12-01 15:42:04 +01:00
Two additions to the deployment checklist.
Thanks Erik Romijn.
This commit is contained in:
parent
912b5d2a6b
commit
c94db53eaa
@ -93,6 +93,9 @@ connections from your application servers.
|
|||||||
Database connection parameters are probably different in development and in
|
Database connection parameters are probably different in development and in
|
||||||
production.
|
production.
|
||||||
|
|
||||||
|
Database passwords are very sensitive. You should protect them exactly like
|
||||||
|
:setting:`SECRET_KEY`.
|
||||||
|
|
||||||
For maximum security, make sure database servers only accept connections from
|
For maximum security, make sure database servers only accept connections from
|
||||||
your application servers.
|
your application servers.
|
||||||
|
|
||||||
@ -130,7 +133,9 @@ the login/password, the session cookie, and password reset tokens. (You can't
|
|||||||
do much to protect password reset tokens if you're sending them by email.)
|
do much to protect password reset tokens if you're sending them by email.)
|
||||||
|
|
||||||
Protecting sensitive areas such as the user account or the admin isn't
|
Protecting sensitive areas such as the user account or the admin isn't
|
||||||
sufficient, because the same session cookie is used for HTTP and HTTPS.
|
sufficient, because the same session cookie is used for HTTP and HTTPS. Your
|
||||||
|
web server must redirect all HTTP traffic to HTTPS, and only transmit HTTPS
|
||||||
|
requests to Django.
|
||||||
|
|
||||||
Once you've set up HTTPS, enable the following settings.
|
Once you've set up HTTPS, enable the following settings.
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user