#17101: Add "checkdeploy" management command
----------------------------------------------------+----------------------
               Reporter:  carljm                     |          Owner:  nobody
                   Type:  New feature                |         Status:  new
              Component:  Core (Management commands) |        Version:  1.3
               Severity:  Normal                     |       Keywords:
           Triage Stage:  Unreviewed                 |      Has patch:  0
    Needs documentation:  0                          |    Needs tests:  0
Patch needs improvement:  0                          |  Easy pickings:  0
                  UI/UX:  0                          |
----------------------------------------------------+----------------------

 There has been discussion of integrating something similar to
 [http://pypi.python.org/pypi/django-secure django-secure] into Django
 core, to help users check some common deployment mis-configurations.

 We probably want to use a name like "checkdeploy" rather than
 "checksecure", both to allow for a broader range of checks to be included,
 and to avoid giving users a false sense that a successful run means their
 code is secure.

 This would include checking SESSION_COOKIE_SECURE,
 SESSION_COOKIE_HTTPONLY, X_FRAME_OPTIONS (and the middleware); these are
 all things which django-secure currently checks. It could also include
 checking for common Python path issues, existence of 500/404 templates (if
 you're using the default 404/500 handlers)...

 And of course it should be pluggable so third-party apps can provide
 additional checks that users can include (and users should be able to
 disable built-in checks if they determine it doesn't apply to them for
 whatever reason).

--
Ticket URL: <https://code.djangoproject.com/ticket/17101>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
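
A sketch of the pluggable check runner the ticket describes, as an added example that is not part of the ticket, django-secure or Django's own code. The `CHECKS` registry, `register` decorator, `run_checks` function and check ids are hypothetical, and the settings object is a constructed sample rather than a real `django.conf.settings`.

```python
from types import SimpleNamespace

CHECKS = {}  # hypothetical registry: check id -> function(settings) -> list of warnings
XFO_MIDDLEWARE = "django.middleware.clickjacking.XFrameOptionsMiddleware"

def register(check_id):
    """Decorator a third-party app could use to plug in its own check."""
    def wrap(func):
        CHECKS[check_id] = func
        return func
    return wrap

@register("session_cookie_secure")
def check_session_cookie_secure(settings):
    if getattr(settings, "SESSION_COOKIE_SECURE", False) is not True:
        return ["SESSION_COOKIE_SECURE is not True: session cookie may be sent over plain HTTP"]
    return []

@register("session_cookie_httponly")
def check_session_cookie_httponly(settings):
    if getattr(settings, "SESSION_COOKIE_HTTPONLY", False) is not True:
        return ["SESSION_COOKIE_HTTPONLY is not True: scripts can read the session cookie"]
    return []

@register("x_frame_options")
def check_x_frame_options(settings):
    # The setting only takes effect when the middleware is installed.
    if XFO_MIDDLEWARE not in getattr(settings, "MIDDLEWARE_CLASSES", ()):
        return ["XFrameOptionsMiddleware is not installed: X_FRAME_OPTIONS is not applied"]
    # Assumption: an unset value is treated as passing in this sketch.
    if getattr(settings, "X_FRAME_OPTIONS", "SAMEORIGIN") not in ("DENY", "SAMEORIGIN"):
        return ["X_FRAME_OPTIONS is neither 'DENY' nor 'SAMEORIGIN'"]
    return []

def run_checks(settings, disabled=()):
    """Run every registered check except the ids the user disabled."""
    return {check_id: func(settings)
            for check_id, func in sorted(CHECKS.items())
            if check_id not in disabled}

# Constructed sample settings: one flag set, one missing, middleware absent.
SAMPLE = SimpleNamespace(
    SESSION_COOKIE_SECURE=True,
    SESSION_COOKIE_HTTPONLY=False,
    MIDDLEWARE_CLASSES=("django.middleware.common.CommonMiddleware",),
)

if __name__ == "__main__":
    for check_id, warnings in run_checks(SAMPLE, disabled=("x_frame_options",)).items():
        print(check_id, "->", warnings or "ok")
```

A passing run only means these specific settings look right, which is the reason the ticket gives for preferring the name "checkdeploy" over "checksecure".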