Re: Adding a security concerned feature

2020-12-02 Thread 'Aaron C. de Bruyn' via Django developers (Contributions to Django itself)
On Wed, Dec 2, 2020 at 9:23 AM Collin Anderson wrote:
> > combination of blocking IPs and having a different admin URL would raise
> the bar quite a bit.
>
> So having a different default admin URL would help, right?
>
Sure. But so would disconnecting the network cable from your server. :) It's

Re: Adding a security concerned feature

2020-11-25 Thread 'Aaron C. de Bruyn' via Django developers (Contributions to Django itself)
That's security through obscurity that isn't too difficult to get past. It certainly raises the bar a bit, but like you said, the root problem is someone finding a login box and hammering away trying to guess usernames and passwords. I'm betting your 'standard' login box isn't difficult to find i

Re: Making startproject's settings more 12-factor-y

2020-07-07 Thread 'Aaron C. de Bruyn' via Django developers (Contributions to Django itself)
Not everyone runs containerized. I think some settings shouldn't be prefixed--i.e. DATABASE_URL is a pretty common one.
-A
On Tue, Jul 7, 2020 at 12:40 AM '1337 Shadow Hacker' via Django developers (Contributions to Django itself) wrote:
> Do we really need DJANGO_ prefix on env vars ? In my f