> * Only allow HTTPS (to the admin, and perhaps to the entire site).
> * Don't use "/admin/" -- I usually use a separate subdomain like
> "backend.example.com", or sometimes just a different root (I often see
> "nqzva" -- figuring out why is left as an exercise for the reader :).
> * Limit access b

On Thu, Jun 23, 2011 at 3:33 PM, Phui-Hock wrote:
> This question has been asked a few times, but is there a general set
> of best practices one should follow to secure the Django admin site? A
> quick check shows that some of the Django-powered websites leave /admin/ open
> to public access, and some don't e

Hi,
This question has been asked a few times, but is there a general set
of best practices one should follow to secure the Django admin site? A
quick check shows that some of the Django-powered websites leave /admin/ open
to public access, and some don't even use https for login form
submission.
Although only