Thursday, June 23, 2011

Re: Best practices to secure admin site

> * Only allow HTTPS (to the admin, and perhaps to the entire site).
> * Don't use "/admin/" -- I usually use a separate subdomain like
> "backend.example.com", or sometimes just a different root (I often see
> "nqzva" -- figuring out why is left as an exercise for the reader :).
> * Limit access based on IP, when appropriate -- many corporate
> settings will already have a VPN, for example, so piggyback on that if
> possible.

Hi Jacop,
Thanks for the advice, and nqzva seems like a fun way to obscure admin
url :)
However, I ended up using a different port number and
enforce cert based authentication on top of the default login form.

Managing own CA is no fun, and it's easy to screw things up.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to django-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home


Real Estate