Is there a need for ssl if apache (https) and a proxy are between django and the outside world.
Doesn't the apache server/proxy provide a sufficient layer of security. isn't it true that the data is being served through the server securely via https? Thanks On Wednesday, December 10, 2014 11:55:15 AM UTC-5, pythonista wrote: > > I am getting a request from the security infrastructure and I could use > some advice/recommendation. > > This is a 3 tier application. > > Apache/Django/Sql Server > > Apache is https and there is a proxy server between. > > The security team is saying that the communication from Django should also > be ssl encrypted in case the proxy server goes down. > > 1. Can Django be made hardened via ssl? > 2. Doesn't Apache and the Proxy server provide sufficient security so that > ssl / django is not required? > > 3. If the Proxy server goes down I can test some header responses to > determine if the call is from a secure call and from the expected server > If such security is required is that not sufficient? > > Thanks in advance. > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at http://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/6a6d6601-166e-4234-869f-3442d6c2876b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
