#17101: Add "checkdeploy" management command
-------------------------------------+-------------------------------------
Reporter: carljm | Owner: nobody
Type: New | Status: new
feature | Version: 1.3
Component: Core | Keywords:
(Management commands) | Has patch: 0
Severity: Normal | Needs tests: 0
Triage Stage: | Easy pickings: 0
Unreviewed |
Needs documentation: 0 |
Patch needs improvement: 0 |
UI/UX: 0 |
-------------------------------------+-------------------------------------
There has been discussion of integrating something similar to
[http://pypi.python.org/pypi/django-secure django-secure] into Django
core, to help users check some common deployment mis-configurations. We
probably want to use a name like "checkdeploy" rather than "checksecure",
both to allow for a broader range of checks to be included, and to avoid
giving users a false sense that a successful runs means their code is
secure.
This would include checking SESSION_COOKIE_SECURE,
SESSION_COOKIE_HTTPONLY, X_FRAME_OPTIONS (and the middleware); these are
all things which django-secure currently checks.
It could also include checking for common python path issues, existence of
500/404 templates (if you're using the default 404/500 handlers)...
And of course it should be pluggable so third-party apps can provide
additional checks that users can include (and users should be able to
disable built-in checks if they determine it doesn't apply to them for
whatever reason).
--
Ticket URL: <https://code.djangoproject.com/ticket/17101>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
