I have a customer who has a Django application that I have upgraded to Django 1.1.
The customer wants to take this software into a more public arena. He has to get HIPAA approval. The data is stored in a MySQL database and the standard Django User Authentication model is used (out of the box with no changes).

Since security is a concern for the customer, I wanted to find all information from HIPAA regarding the Django User Authentication/Sessions security model before I did more work. I expected to see documents that they have approved this model in the past. But, I'm getting caught in all types of minutiae and can't seem to find information directly relating to HIPAA's criteria for web security and Django User Authentication.

I only found one security report (and it wasn't related to session login at all):

07.45.60 CVE: Not Available
Platform: Web Application
Title: Django i18n Remote Denial of Service
Description: Django is a Python-based framework for building web applications. The application is exposed to a remote denial of service issue because it fails to adequately handle user-supplied input. This issue affects the "i18n" internationalization system when processing specially crafted "Accept-Language" HTTP requests. Django versions 0.91, 0.95, 0.95.1, and 0.96 are affected.
Ref: http://www.djangoproject.com/weblog/2007/oct/26/security-fix/

Does anyone know where to find such "stamp of approval" or "denial" from HIPAA's point of view? I can find no specific links to Django from hippa.org. Which governmental agency site should I be searching for with regard to Open Source and security?

Thanks in advance for any direction you can lead me in (where to go or who to talk to),

Cheers,

Glen
--
415-680-3964
g...@glenjarvis.com
http://www.glenjarvis.com

"You must be the change you wish to see in the world." -M. Gandhi