Hi, this question has been asked a few times, but is there a general set of best practices one should follow to secure the Django admin site? A quick check shows that some of the Django-powered websites leave /admin/ open to public access, and some don't even use HTTPS for login form submission.
Although only users marked as staff are allowed to log in to the admin site, I am not quite comfortable leaving a "backend" site wide open and taking chances. Or am I just being too paranoid?