Issue
The primary objective is to secure sensitive details within the project by concealing critical information such as environment variables, hosting details, static
file configurations, and other pertinent data.
I make sure to follow these steps to secure my Django applications; let's have a look together.
- Set DEBUG to False in Production
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = False
- Use a Secret Key from Environment Variables
import os
# SECURITY WARNING: keep the secret key used in production secret!
# No hard-coded fallback: if the variable is missing, startup fails instead of running with a known key.
SECRET_KEY = os.environ['DJANGO_SECRET_KEY']
- Configure Allowed Hosts
ALLOWED_HOSTS = ['werexpert.com', '*.werexpert.com']
- Enable HTTPS
SECURE_SSL_REDIRECT = True
- Enable Security Middleware
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
# ... other middlewares
]
- Password Validators: Use a variety of password validators to enforce strong password policies
AUTH_PASSWORD_VALIDATORS = [
# ... other validators
{
'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
},
]
- Database Configuration
- I use a strong username and password, and the system automatically changes the database password and sends it to my email
- Update the Django Version & Secure Static Files
- I use Nginx to serve static files and avoid runserver
- Logging Configuration, Secure Session Settings, and CSRF Protection
LOGGING = {
# ...logging configuration
}
SESSION_COOKIE_SECURE = True
SESSION_COOKIE_HTTPONLY = True
CSRF_COOKIE_SECURE = True
CSRF_COOKIE_HTTPONLY = True
If you implement all of these, then I'm sure it will significantly enhance the security posture of your Django project.
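The checklist above can be turned into an automated audit. The following is an added example, not code from the question or from Django; it checks a settings object against the same items (DEBUG, SECRET_KEY, ALLOWED_HOSTS, SSL redirect, SecurityMiddleware, cookie flags, STATIC_ROOT) using constructed sample settings, with no Django install required.

```python
"""Audit a Django settings module against the hardening checklist in the question."""
import types

SECURITY_MW = "django.middleware.security.SecurityMiddleware"
PLACEHOLDER_SECRETS = {"", "default_secret_key"}

# Constructed sample: the settings from the question, with the insecure
# fallback secret that os.environ.get(...) yields when the variable is unset.
WEAK = types.SimpleNamespace(
    DEBUG=False,
    SECRET_KEY="default_secret_key",
    ALLOWED_HOSTS=["werexpert.com", "*.werexpert.com"],
    SECURE_SSL_REDIRECT=True,
    MIDDLEWARE=[SECURITY_MW],
    SESSION_COOKIE_SECURE=True, SESSION_COOKIE_HTTPONLY=True,
    CSRF_COOKIE_SECURE=True,
    STATIC_URL="/static/", STATIC_ROOT="/srv/app/static",
)
# Same settings with a constructed 60-character secret (not a real key).
HARDENED = types.SimpleNamespace(**{**vars(WEAK), "SECRET_KEY": "c0nstructed-" * 5})


def audit_settings(s):
    """Return human-readable findings; an empty list means every check passed."""
    findings = []
    if getattr(s, "DEBUG", True):
        findings.append("DEBUG must be False in production")
    secret = getattr(s, "SECRET_KEY", "")
    # Django's own check warns below 50 chars or on the startproject default prefix.
    if (secret in PLACEHOLDER_SECRETS or len(secret) < 50
            or secret.startswith("django-insecure-")):
        findings.append("SECRET_KEY is a placeholder, too short, or the startproject default")
    hosts = getattr(s, "ALLOWED_HOSTS", [])
    if not hosts or "*" in hosts:
        findings.append("ALLOWED_HOSTS must name the real hosts, not '*'")
    if not getattr(s, "SECURE_SSL_REDIRECT", False):
        findings.append("SECURE_SSL_REDIRECT should be True")
    if SECURITY_MW not in getattr(s, "MIDDLEWARE", []):
        findings.append("SecurityMiddleware missing from MIDDLEWARE")
    for flag in ("SESSION_COOKIE_SECURE", "SESSION_COOKIE_HTTPONLY", "CSRF_COOKIE_SECURE"):
        if not getattr(s, flag, False):
            findings.append(f"{flag} should be True")
    if not getattr(s, "STATIC_ROOT", None):
        findings.append("STATIC_ROOT unset: collectstatic has nowhere to put files for Nginx")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_settings(cfg) or "OK")
```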
Solution
In settings check INSTALLED_APPS:
...
'django.contrib.staticfiles',
...
And:
STATIC_URL = '/static/'
And:
STATIC_ROOT = os.path.join(BASE_DIR, 'static')
If that didn't help, please show the full settings.py file.
Answered By - Sergey Rùdnev