A handy security checklist

Security is not an afterthought; it is integral to the way you write applications. Being human, though, we forget things, so it helps to have a checklist that reminds you of the common omissions.

The following points are a bare minimum of security checks that you should perform before making your Django application public:

  • Don't trust data from a browser, API, or any other outside source: This is the fundamental rule. Validate and sanitize every piece of outside data (request parameters, headers, cookies, uploaded files, and responses from third-party services) before you act on it.
  • Don't keep SECRET_KEY in version control: Read SECRET_KEY from the environment at startup rather than hard-coding it in settings.py, and treat a missing key as a fatal configuration error. The django-environ package makes this convenient.
  • Don't store passwords in plain text: Store a salted hash of each password instead, with a different random salt per user. Django's authentication system already does this (its default hasher is PBKDF2 with a per-user random salt, and Argon2 is available), so keep using it rather than writing your own.
  • Don't log any sensitive ...
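The two checklist items that map directly to code, loading SECRET_KEY from the environment and storing salted password hashes, as an added example that is not from the book and not Django's own code. It uses only the standard library so it runs without Django; the environment variable name DJANGO_SECRET_KEY, the minimum key length, and the iteration count are assumptions for this example. In a real project you would let django.contrib.auth.hashers do the password hashing; the scheme is re-implemented here only to make the salt, iteration count and constant-time comparison visible.

```python
"""Added example (not from the book): SECRET_KEY from the environment and
salted PBKDF2 password hashing with constant-time verification."""
import base64
import hashlib
import hmac
import os
import secrets

# --- SECRET_KEY from the environment, never from the repository ------------

def load_secret_key(env=None, min_length=50):
    """Return the secret key from the environment, or refuse to start.

    `env` defaults to os.environ; any mapping can be passed for testing.
    DJANGO_SECRET_KEY and the 50-character minimum are assumptions for this
    example (django-environ, named in the text, uses whatever variable name
    you configure).
    """
    env = os.environ if env is None else env
    key = env.get("DJANGO_SECRET_KEY", "")
    if len(key) < min_length:
        # Fail closed: a missing or weak key must stop deployment rather
        # than silently fall back to a hard-coded default.
        raise RuntimeError("DJANGO_SECRET_KEY is unset or too short")
    return key

# In settings.py this would be:  SECRET_KEY = load_secret_key()

# --- Salted password hashing ----------------------------------------------

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000  # assumption: a current PBKDF2-HMAC-SHA256 work factor

def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return 'algorithm$iterations$salt$hash'.

    A fresh random salt per user means two users with the same password get
    different stored values, and a precomputed table cannot be reused.
    """
    if salt is None:
        salt = secrets.token_urlsafe(16)  # 128 random bits, no '$' characters
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt.encode("utf-8"), iterations
    )
    encoded = base64.b64encode(digest).decode("ascii")
    return "$".join([ALGORITHM, str(iterations), salt, encoded])

def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt, _ = stored.split("$", 3)
    except ValueError:
        return False  # malformed record: never treat as a match
    if algorithm != ALGORITHM:
        return False
    candidate = hash_password(password, salt=salt, iterations=int(iterations))
    # hmac.compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, stored)

if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("wrong password", record))                # False
```

The stored string carries the algorithm, iteration count and salt alongside the hash, which is the same general layout Django uses; it lets you raise the work factor later and re-hash on next login without a separate migration of the salt.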
