I am getting a request from the security infrastructure and I could use
some advice/recommendation.
This is a 3 tier application.
Apache/Django/Sql Server
Apache is https and there is a proxy server between.
The security team is saying that the communication from Django should also
be ssl encrypted in case the proxy server goes down.
1. Can Django be made hardened via ssl?
2. Doesn't Apache and the Proxy server provide sufficient security so that
ssl / django is not required?
3. If the Proxy server goes down I can test some header responses to
determine if the call is from a secure call and from the expected server
If such security is required is that not sufficient?
Thanks in advance.
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/611a928d-b3bf-4672-b850-591d62b7d350%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
