django-secure

Software Details:
Version: 0.1.2
Upload Date: 14 Apr 15
Developer: Carl Meyer
Distribution Type: Freeware

django-secure is a Django app that helps you remember to do the stupid little things to improve your Django site's security.

It is inspired by Mozilla's Secure Coding Guidelines and intended for sites that are entirely or mostly served over SSL (which should include anything with user logins).

Quickstart

Tested with Django 1.2 through trunk, and Python 2.5 through 2.7. Quite likely works with older versions of both, though; it's not very complicated.

Installation

Install from PyPI with pip:

pip install django-secure

or get the in-development version:

pip install django-secure==dev

Usage

- Add "djangosecure" to your INSTALLED_APPS setting.
- Add "djangosecure.middleware.SecurityMiddleware" to your MIDDLEWARE_CLASSES setting (where depends on your other middlewares, but near the beginning of the list is probably a good choice).
- Set the SECURE_SSL_REDIRECT setting to True if all non-SSL requests should be permanently redirected to SSL.
- Set the SECURE_HSTS_SECONDS setting to an integer number of seconds, if you want to use HTTP Strict Transport Security.
- Set the SECURE_FRAME_DENY setting to True, if you want to prevent framing of your pages and protect them from clickjacking.
- Set SESSION_COOKIE_SECURE and SESSION_COOKIE_HTTPONLY to True if you are using django.contrib.sessions. These settings are not part of django-secure, but they should be used if running a secure site, and the checksecure management command will check their values.
- Run python manage.py checksecure to verify that your settings are properly configured for serving a secure SSL site.
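A worked illustration of the Usage steps, added here and not part of django-secure itself: the first function models the redirect and headers the middleware derives from these settings, the second is a checksecure-style review of a settings dict. The helper names are assumptions, and the X-XSS-Protection header is sent on every SSL response because the page names no setting for it.

```python
# Added illustration, not django-secure's own code: a model of the settings
# listed above. security_headers() mimics what the middleware does with them;
# check_settings() is a checksecure-style review. Assumption: X-XSS-Protection
# is sent on every SSL response, since the page names no setting for it.

SECURE_DEFAULTS = {
    "SECURE_SSL_REDIRECT": False,
    "SECURE_HSTS_SECONDS": 0,
    "SECURE_HSTS_INCLUDE_SUBDOMAINS": False,
    "SECURE_FRAME_DENY": False,
    "SESSION_COOKIE_SECURE": False,
    "SESSION_COOKIE_HTTPONLY": False,
}

REQUIRED_TRUE = ("SECURE_SSL_REDIRECT", "SECURE_FRAME_DENY",
                 "SESSION_COOKIE_SECURE", "SESSION_COOKIE_HTTPONLY")

def security_headers(settings, is_secure):
    """Return (redirect_to_https, headers) for one request.

    Non-SSL requests get no security headers: they are either redirected
    (SECURE_SSL_REDIRECT) or passed through. HSTS is only sent over SSL."""
    cfg = dict(SECURE_DEFAULTS, **settings)
    if not is_secure:
        return bool(cfg["SECURE_SSL_REDIRECT"]), {}
    headers = {"X-XSS-Protection": "1; mode=block"}
    if cfg["SECURE_HSTS_SECONDS"] > 0:
        value = "max-age=%d" % cfg["SECURE_HSTS_SECONDS"]
        if cfg["SECURE_HSTS_INCLUDE_SUBDOMAINS"]:
            value += "; includeSubDomains"
        headers["Strict-Transport-Security"] = value
    if cfg["SECURE_FRAME_DENY"]:
        headers["X-Frame-Options"] = "DENY"
    return False, headers

def check_settings(settings):
    """Names of the Usage-list settings that are still at an insecure value."""
    cfg = dict(SECURE_DEFAULTS, **settings)
    problems = []
    if "djangosecure" not in cfg.get("INSTALLED_APPS", ()):
        problems.append("INSTALLED_APPS")
    if "djangosecure.middleware.SecurityMiddleware" not in cfg.get("MIDDLEWARE_CLASSES", ()):
        problems.append("MIDDLEWARE_CLASSES")
    problems.extend(name for name in REQUIRED_TRUE if not cfg[name])
    if cfg["SECURE_HSTS_SECONDS"] <= 0:
        problems.append("SECURE_HSTS_SECONDS")
    return problems
```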

Warning

If checksecure gives you the all-clear, all it means is that you're now taking advantage of a tiny selection of simple and easy security wins. That's great, but it doesn't mean your site or your codebase is secure: only a competent security audit can tell you that.

Documentation

See the full documentation for more details.

What is new in this release:

  • Added the SECURE_HSTS_INCLUDE_SUBDOMAINS setting. Thanks Paul McMillan for the report and Donald Stufft for the patch. Fixes #13.
  • Added the X-XSS-Protection: 1; mode=block header. Thanks Johannas Heller.

Requirements:

  • Python
  • Django
