> * Only allow HTTPS (to the admin, and perhaps to the entire site). > * Don't use "/admin/" -- I usually use a separate subdomain like > "backend.example.com", or sometimes just a different root (I often see > "nqzva" -- figuring out why is left as an exercise for the reader :). > * Limit access based on IP, when appropriate -- many corporate > settings will already have a VPN, for example, so piggyback on that if > possible.
Hi Jacop, Thanks for the advice, and nqzva seems like a fun way to obscure admin url :) However, I ended up using a different port number and enforce cert based authentication on top of the default login form. Managing own CA is no fun, and it's easy to screw things up. -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
