mirror of https://github.com/django/django.git, synced 2025-10-25 14:46:09 +00:00

Two additions to the deployment checklist.
Thanks Erik Romijn.
		| @@ -93,6 +93,9 @@ connections from your application servers. | |||||||
| Database connection parameters are probably different in development and in | Database connection parameters are probably different in development and in | ||||||
| production. | production. | ||||||
|  |  | ||||||
|  | Database passwords are very sensitive. You should protect them exactly like | ||||||
|  | :setting:`SECRET_KEY`. | ||||||
|  |  | ||||||
| For maximum security, make sure database servers only accept connections from | For maximum security, make sure database servers only accept connections from | ||||||
| your application servers. | your application servers. | ||||||
|  |  | ||||||
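
Review bot: The added paragraph tells readers to protect database passwords "exactly like" :setting:`SECRET_KEY`, but it never says what that protection is, so someone reading only this section gets no actionable step. Consider naming the measure inline (for example, keeping the password out of source control and loading it at deploy time) or pointing explicitly at the SECRET_KEY section of the checklist rather than relying on the setting role alone. "Very sensitive" could also say why: the password gives direct access to the data, bypassing the application.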
| @@ -130,7 +133,9 @@ the login/password, the session cookie, and password reset tokens. (You can't | |||||||
| do much to protect password reset tokens if you're sending them by email.) | do much to protect password reset tokens if you're sending them by email.) | ||||||
|  |  | ||||||
| Protecting sensitive areas such as the user account or the admin isn't | Protecting sensitive areas such as the user account or the admin isn't | ||||||
| sufficient, because the same session cookie is used for HTTP and HTTPS. | sufficient, because the same session cookie is used for HTTP and HTTPS. Your | ||||||
|  | web server must redirect all HTTP traffic to HTTPS, and only transmit HTTPS | ||||||
|  | requests to Django. | ||||||
|  |  | ||||||
| Once you've set up HTTPS, enable the following settings. | Once you've set up HTTPS, enable the following settings. | ||||||
|  |  | ||||||
|   | |||||||
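
Review bot: In the added sentence, "only transmit HTTPS requests to Django" is ambiguous for the common setup where TLS terminates at the web server or a proxy, because the hop from there to Django is then usually plain HTTP. Suggest wording it in terms of how the client connected, such as "only pass requests that arrived over HTTPS on to Django". It would also help to tie the new requirement back to the preceding clause by stating the consequence: a single request over HTTP can expose the shared session cookie, which is why the redirect has to cover every URL and not only the sensitive ones.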