On Thu, Jun 23, 2011 at 3:33 PM, Phui-Hock <phuih...@gmail.com> wrote:
> This question has been asked a few times, but is there a general set
> of best practices one should follow to secure the Django admin site? A
> quick check of some Django-powered websites shows /admin/ left open
> to public access, and some don't even use HTTPS for login form
> submission.
>
> Although only users marked as staff are allowed to log in to the admin
> site, I am not quite comfortable leaving a "backend" site wide
> open and taking chances. Or am I just being too paranoid?
There are no known vulnerabilities in the admin's auth code, but "no known vulnerabilities" is a long way from "no vulnerabilities full stop". I trust Django pretty far, but I don't think it's paranoia to add a few other layers of security on top. I generally do the following:

* Only allow HTTPS (to the admin, and perhaps to the entire site).
* Don't use "/admin/" -- I usually use a separate subdomain like "backend.example.com", or sometimes just a different root (I often see "nqzva" -- figuring out why is left as an exercise for the reader :).
* Limit access based on IP, when appropriate -- many corporate settings will already have a VPN, for example, so piggyback on that if possible.

Of the three, I consider SSL non-negotiable: there's no good reason to allow insecure connections to the admin.

Jacob
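The three layers Jacob lists (HTTPS only, a non-default admin prefix, and an IP allowlist) can all be enforced in one place. The following is an added example written for this thread, not code from Jacob or from Django itself. It assumes modern-style Django middleware (`__init__(get_response)` / `__call__(request)`) and the hypothetical setting names `ADMIN_URL_PREFIX` and `ADMIN_ALLOWED_NETWORKS`; the decision logic is kept in a plain function so it runs and can be tested without Django installed, and the network ranges are constructed sample values.

```python
"""Hypothetical admin guard middleware (added example, not from the thread).

Enforces three layers for the admin site:
  1. HTTPS only: a plain-HTTP request under the admin prefix is refused
     outright rather than redirected, so a login POST is never accepted
     over cleartext even once.
  2. Non-default prefix: the admin is mounted under ADMIN_URL_PREFIX
     instead of /admin/ (see the urls.py note at the bottom).
  3. IP allowlist: only clients inside ADMIN_ALLOWED_NETWORKS (e.g. the
     office VPN range) may reach the prefix at all.

Assumed/constructed names: ADMIN_URL_PREFIX, ADMIN_ALLOWED_NETWORKS,
AdminGuardMiddleware, admin_access_decision.
"""
import ipaddress

# Constructed settings; in a real project they would live in settings.py.
ADMIN_URL_PREFIX = "/nqzva/"                                # anything but /admin/
ADMIN_ALLOWED_NETWORKS = ("10.8.0.0/16", "192.0.2.0/24")    # sample VPN + office ranges


def admin_access_decision(path, is_secure, remote_addr,
                          prefix=ADMIN_URL_PREFIX,
                          networks=ADMIN_ALLOWED_NETWORKS):
    """Return None to allow the request, or (status, reason) to refuse it.

    Paths outside the admin prefix are never touched; the checks apply
    only to the admin, matching the advice in the thread.
    """
    if not path.startswith(prefix):
        return None
    if not is_secure:
        return (403, "admin requires HTTPS")
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        # An unparseable address is treated as "not allowlisted", not as an error.
        return (403, "unparseable client address")
    allowed = [ipaddress.ip_network(n, strict=False) for n in networks]
    if not any(addr in net for net in allowed):
        return (403, "client address not in admin allowlist")
    return None


class AdminGuardMiddleware:
    """Django-style middleware wrapper around admin_access_decision."""

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        # request.is_secure() honours SECURE_PROXY_SSL_HEADER when configured,
        # so this also works behind a TLS-terminating proxy. REMOTE_ADDR is
        # whatever the proxy hands Django; X-Forwarded-For is deliberately not
        # consulted here because a client can set it unless the proxy overwrites it.
        verdict = admin_access_decision(
            request.path,
            request.is_secure(),
            request.META.get("REMOTE_ADDR", ""),
        )
        if verdict is not None:
            # Imported lazily so the decision function stays usable without Django.
            from django.http import HttpResponseForbidden
            return HttpResponseForbidden(verdict[1])
        return self.get_response(request)


# urls.py sketch for the non-default prefix (for reference, not executed here):
#
#   from django.contrib import admin
#   from django.urls import path
#   urlpatterns = [path(ADMIN_URL_PREFIX.lstrip("/"), admin.site.urls)]
```

Add `AdminGuardMiddleware` to `MIDDLEWARE` near the top of the list so it runs before authentication. Refusing with 403 instead of redirecting to HTTPS is intentional for the admin: a redirect still lets a browser that was tricked into a plain-HTTP form submission send the credentials first, whereas a flat refusal makes the cleartext path useless.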