Good question! Well, it's impossible to give a complete checklist without knowing every detail of your site, but here are a couple of things I'd recommend:
- Check every one of your views (as exposed by `urls.py` files), and think hard about it. Does it need an `@login_required` decorator? Is there any way an attacker could craft a request to that view that would give them information they shouldn't have? A classic example (which I'm sure you already have covered) would be a `view_order` view that took an `order_id` query parameter and didn't check that the order in question belonged to the user making the request. I'm sure you have obvious stuff like that covered, but a careful run-through of all of your views may well uncover non-obvious errors of the same kind. It certainly has for me in the past.
- Make sure you've set the Django `SECRET_KEY` setting to something different to the default.
- Make sure that you have a really, really secure password for the `/admin/` site. Ideally, make your own username and password for administration stuff (set the `is_staff` flag for yourself) and once you've logged in and checked that you can administer the site from your own username, disable the `admin` login.
That's all that springs to mind. Any other heavy Django users out there who'd like to make further suggestions?
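The `view_order` / `order_id` case from the first bullet, as an added example that is not part of the original answer. It is a framework-free sketch so it runs without Django installed: the `User`, `Order`, `Request` classes, the in-memory `ORDERS` table, the `probe()` helper and the status codes are all assumptions made here. `login_required` mirrors Django's decorator, and the fixed view does what `get_object_or_404(Order, pk=order_id, user=request.user)` does in a real Django view. The point it shows is that `@login_required` alone is not enough; the lookup itself has to be scoped to the requesting user, and a wrong-owner id should get the same 404 as a non-existent one so the response does not confirm which ids exist.

```python
# Added example (not from the original answer): a framework-free sketch of
# the view_order / order_id ownership check. User, Order, Request, ORDERS,
# probe() and the status codes are assumptions made here. In Django the
# fixed lookup is get_object_or_404(Order, pk=order_id, user=request.user)
# behind @login_required.
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional


@dataclass(frozen=True)
class User:
    id: int
    username: str
    is_authenticated: bool = True


ANONYMOUS = User(id=0, username="", is_authenticated=False)


@dataclass(frozen=True)
class Order:
    id: int
    owner_id: int
    total: str


# Constructed sample data: alice (id 10) owns order 1, bob (id 20) owns order 2.
ORDERS: Dict[int, Order] = {
    1: Order(id=1, owner_id=10, total="19.99"),
    2: Order(id=2, owner_id=20, total="250.00"),
}


@dataclass
class Request:
    """Stand-in for django.http.HttpRequest: the user and the query string."""
    user: User
    GET: Dict[str, str] = field(default_factory=dict)


def login_required(view: Callable) -> Callable:
    """Mirror of Django's @login_required: anonymous callers are redirected
    to the login page and never reach the view body."""
    def wrapper(request: Request) -> dict:
        if not request.user.is_authenticated:
            return {"status": 302, "location": "/login/"}
        return view(request)
    return wrapper


def _order_id(request: Request) -> Optional[int]:
    """Parse ?order_id=...; None means the parameter is missing or malformed."""
    try:
        return int(request.GET.get("order_id", ""))
    except ValueError:
        return None


@login_required
def view_order_insecure(request: Request) -> dict:
    """The classic bug: the caller is logged in, but the order is fetched by
    id alone, so any user can read any order by guessing order_id."""
    order_id = _order_id(request)
    if order_id is None:
        return {"status": 400}
    order = ORDERS.get(order_id)  # like Order.objects.get(pk=order_id)
    if order is None:
        return {"status": 404}
    return {"status": 200, "order_id": order.id, "total": order.total}


@login_required
def view_order(request: Request) -> dict:
    """Fixed: the lookup is scoped to the requesting user. An order that
    exists but belongs to someone else gets the same 404 as one that does
    not exist, so the response does not reveal which ids are valid."""
    order_id = _order_id(request)
    if order_id is None:
        return {"status": 400}
    order = ORDERS.get(order_id)
    # like get_object_or_404(Order, pk=order_id, user=request.user)
    if order is None or order.owner_id != request.user.id:
        return {"status": 404}
    return {"status": 200, "order_id": order.id, "total": order.total}


def probe(view: Callable, user: User, order_id: str) -> int:
    """Call `view` as `user` asking for `order_id`; return the HTTP status."""
    return view(Request(user=user, GET={"order_id": order_id}))["status"]


if __name__ == "__main__":
    alice, bob = User(10, "alice"), User(20, "bob")
    # bob asks for alice's order 1
    print("insecure view, bob reads order 1:", probe(view_order_insecure, bob, "1"))
    print("fixed view, bob reads order 1:   ", probe(view_order, bob, "1"))
    print("fixed view, alice reads order 1: ", probe(view_order, alice, "1"))
    print("fixed view, anonymous caller:    ", probe(view_order, ANONYMOUS, "1"))
```

Running it as a script prints 200 for the insecure view (bob reads alice's order), 404 for the fixed view, 200 for the owner and 302 for the anonymous caller. When going through real views, the thing to grep for is any `.get(pk=...)` or `.filter(id=...)` on user-owned data that does not also filter on `request.user` (or on an object already known to belong to them).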