Created
June 18, 2018 18:24
-
-
Save dsaves/729216bba3dbcd6f9d9291dd17aea8e0 to your computer and use it in GitHub Desktop.
Django prod checklist
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| settings.py | |
| Turn off debug | |
| Edit ALLOWED_HOSTS | |
| Remove plain-text SECRET_KEY | |
| Dangerous libs/functions: | |
| eval(), exec(), execfile() | |
| cPickle.loads() | |
| pyyaml.load() | |
| ModelForms.Meta.exclude() | |
| ModelForms.Meta.fields = ”__all__” | |
| Disable autofill on payment forms | |
| Use Django Forms to validate all incoming data | |
| Use CDNs for user uploaded content | |
| Otherwise: | |
| make whitelist of accepted content types | |
| python-magic to check file headers | |
| defusedxml to check XML | |
| Use HTTPS/HSTS |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment