## Security

```python
# settings.py
import os

DEBUG = False
SECRET_KEY = os.environ['SECRET_KEY']  # from environment variable, never hard-coded in the repo
ALLOWED_HOSTS = ['yourdomain.com']

# HTTPS
SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SECURE_HSTS_SECONDS = 31536000  # one year; start with a small value until HTTPS works on every host
SECURE_HSTS_INCLUDE_SUBDOMAINS = True

# Clickjacking protection
X_FRAME_OPTIONS = 'DENY'
```
## Database

```python
import dj_database_url

# Reads the DATABASE_URL environment variable, e.g. postgres://user:pass@host:5432/dbname
DATABASES = {
    'default': dj_database_url.config(conn_max_age=600)
}
```

Use PostgreSQL, not SQLite.
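To show what `dj_database_url.config()` does with a `DATABASE_URL`, and why the "PostgreSQL, not SQLite" rule is worth enforcing in code, here is an added example of a minimal URL parser that builds `DATABASES['default']` and refuses SQLite. It is not the library's own code; the `PRODUCTION_BACKENDS` mapping, the function names and the `sslmode` option are assumptions made for this example.

```python
# Added example (not dj_database_url's own code): a minimal DATABASE_URL parser
# that builds DATABASES['default'] and refuses SQLite, so a production process
# handed a file-database URL fails at startup instead of quietly running on it.
from urllib.parse import urlparse, unquote

# Assumed mapping of accepted URL schemes to Django backends (PostgreSQL only).
PRODUCTION_BACKENDS = {
    "postgres": "django.db.backends.postgresql",
    "postgresql": "django.db.backends.postgresql",
}


def parse_database_url(url, conn_max_age=600):
    """Return a Django database settings dict for a PostgreSQL URL.

    Raises ValueError for SQLite, unknown schemes, or a URL missing the host
    or database name, mirroring the page's "PostgreSQL, not SQLite" rule.
    """
    parts = urlparse(url)
    scheme = parts.scheme.lower()
    if scheme in ("sqlite", "sqlite3"):
        raise ValueError("SQLite is not supported in production; use PostgreSQL")
    if scheme not in PRODUCTION_BACKENDS:
        raise ValueError(f"unsupported database scheme: {scheme!r}")
    name = unquote(parts.path.lstrip("/"))
    if not parts.hostname or not name:
        raise ValueError("DATABASE_URL must include a host and a database name")
    return {
        "ENGINE": PRODUCTION_BACKENDS[scheme],
        "NAME": name,
        "USER": unquote(parts.username or ""),
        "PASSWORD": unquote(parts.password or ""),  # credentials are percent-encoded in the URL
        "HOST": parts.hostname,
        "PORT": parts.port or 5432,
        "CONN_MAX_AGE": conn_max_age,
        # Assumed hardening default: require TLS to the database server (libpq sslmode).
        "OPTIONS": {"sslmode": "require"},
    }


def is_production_database_url(url):
    """True if the URL parses as an acceptable production database."""
    try:
        parse_database_url(url)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample URL; the credentials are placeholders.
    cfg = parse_database_url("postgres://app:s3cret@db.internal:5432/appdb")
    print(cfg["ENGINE"], cfg["HOST"], cfg["NAME"])
    print(is_production_database_url("sqlite:///db.sqlite3"))
```

Failing fast on the URL scheme is the point: a deployment that silently falls back to a SQLite file loses data on the next container restart and bypasses the database's own access controls.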
## Static Files

```shell
pip install whitenoise
```

```python
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'whitenoise.middleware.WhiteNoiseMiddleware',  # directly after SecurityMiddleware, before the rest
    ...
]
STATIC_ROOT = BASE_DIR / 'staticfiles'
STATICFILES_STORAGE = 'whitenoise.storage.CompressedManifestStaticFilesStorage'
```

```shell
python manage.py collectstatic --no-input
```
## Logging

```python
LOGGING = {
    'version': 1,
    'handlers': {
        'console': {'class': 'logging.StreamHandler'},  # stdout/stderr, collected by the platform
    },
    'root': {'handlers': ['console'], 'level': 'WARNING'},
}
```
## Media Files

Do not store media files on the server; use S3 or an equivalent:

```shell
pip install django-storages boto3
```
## Error Monitoring

```shell
pip install sentry-sdk
```

```python
import os
import sentry_sdk

sentry_sdk.init(dsn=os.environ['SENTRY_DSN'])  # DSN from environment, like SECRET_KEY
```
## Deployment Check Command

```shell
python manage.py check --deploy
```

This will output a list of security issues to address.
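To make it concrete what `check --deploy` looks for, and to show the "settings from environment" idea in a testable form, here is an added example: a self-contained audit over a plain settings dict, covering the settings this page lists, plus a loader that reads them from an environment mapping. It is not Django's own check framework (which covers more); the function names, `DJANGO_DEFAULTS`, the comma-separated `ALLOWED_HOSTS` convention and the sample values are assumptions made for this example.

```python
# Added example (not Django's own `check --deploy`): a self-contained audit that
# reports the same kinds of findings for the settings this page lists, plus a
# loader that builds them from an environment mapping and fails fast if the
# SECRET_KEY is missing.

# Values Django uses when a setting is absent; consulted when auditing.
DJANGO_DEFAULTS = {
    "DEBUG": False,
    "SECURE_SSL_REDIRECT": False,
    "SESSION_COOKIE_SECURE": False,
    "CSRF_COOKIE_SECURE": False,
    "SECURE_HSTS_SECONDS": 0,
    "X_FRAME_OPTIONS": "DENY",
}


def settings_from_env(environ):
    """Build the page's production settings from an environment mapping.

    `environ` is any mapping (os.environ in real use). A missing SECRET_KEY
    raises so the process fails at startup rather than running with no key.
    ALLOWED_HOSTS is read as a comma-separated list (an assumed convention).
    """
    try:
        secret_key = environ["SECRET_KEY"]
    except KeyError:
        raise RuntimeError("SECRET_KEY environment variable is not set") from None
    hosts = [h.strip() for h in environ.get("ALLOWED_HOSTS", "").split(",") if h.strip()]
    return {
        "DEBUG": False,
        "SECRET_KEY": secret_key,
        "ALLOWED_HOSTS": hosts,
        "SECURE_SSL_REDIRECT": True,
        "SESSION_COOKIE_SECURE": True,
        "CSRF_COOKIE_SECURE": True,
        "SECURE_HSTS_SECONDS": 31536000,
        "SECURE_HSTS_INCLUDE_SUBDOMAINS": True,
        "X_FRAME_OPTIONS": "DENY",
    }


def audit_settings(settings):
    """Return a list of findings; an empty list means every listed check passes."""

    def get(name):
        return settings.get(name, DJANGO_DEFAULTS.get(name))

    findings = []
    if get("DEBUG"):
        findings.append("DEBUG is True: tracebacks and settings are shown to users")
    key = settings.get("SECRET_KEY", "")
    if len(key) < 50 or len(set(key)) < 5 or key.startswith("django-insecure-"):
        findings.append("SECRET_KEY is short, low-entropy, or the generated default")
    hosts = settings.get("ALLOWED_HOSTS", [])
    if not hosts or "*" in hosts:
        findings.append("ALLOWED_HOSTS is empty or a wildcard: Host header is not validated")
    for name in ("SECURE_SSL_REDIRECT", "SESSION_COOKIE_SECURE", "CSRF_COOKIE_SECURE"):
        if not get(name):
            findings.append(f"{name} is not True")
    if get("SECURE_HSTS_SECONDS") <= 0:
        findings.append("SECURE_HSTS_SECONDS is 0: HSTS is not sent")
    if get("X_FRAME_OPTIONS") not in ("DENY", "SAMEORIGIN"):
        findings.append("X_FRAME_OPTIONS is not DENY or SAMEORIGIN")
    return findings


# Constructed sample: a fresh `startproject`-style development configuration.
DEV_SETTINGS = {
    "DEBUG": True,
    "SECRET_KEY": "django-insecure-example",  # constructed placeholder
    "ALLOWED_HOSTS": [],
}

# Constructed placeholder key for this example; generate a real random key per deployment.
CONSTRUCTED_KEY = "k3y-" + "0123456789abcdef" * 4


if __name__ == "__main__":
    for finding in audit_settings(DEV_SETTINGS):
        print("WARNING:", finding)
    prod = settings_from_env({"SECRET_KEY": CONSTRUCTED_KEY, "ALLOWED_HOSTS": "yourdomain.com"})
    print("production findings:", audit_settings(prod))
```

Run the real `check --deploy` as well: it evaluates the settings Django actually loaded, including middleware ordering and settings this example does not cover.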
## Checklist

- [ ] `DEBUG = False`
- [ ] `SECRET_KEY` loaded from environment variable
- [ ] PostgreSQL instead of SQLite
- [ ] `collectstatic` has been run
- [ ] HTTPS configured
- [ ] Migrations applied
- [ ] Superuser created
- [ ] Logging configured
- [ ] Sentry connected