Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Fixed #20080 - Recommended use of PYTHONHASHSEED

Thanks jacob for the suggestion and ryankask
for the patch.
  • Loading branch information...
commit 8aca2504df9d7d3c1244d1632f6cad45afa60115 1 parent b664cb8
@timgraham timgraham authored
Showing with 15 additions and 0 deletions.
  1. +15 −0 docs/howto/deployment/checklist.txt
View
15 docs/howto/deployment/checklist.txt
@@ -212,3 +212,18 @@ Miscellaneous
--------------------------------
This setting is required if you're using the :ttag:`ssi` template tag.
+
+Python Options
+==============
+
+If you're using Python 2.6.8+, it's strongly recommended that you invoke the
+Python process running your Django application using the `-R`_ option or with
+the :envvar:`PYTHONHASHSEED` environment variable set to ``random``.
+
+These options help protect your site from denial-of-service (DoS)
+attacks triggered by carefully crafted inputs. Such an attack can
+drastically increase CPU usage by causing worst-case performance when
+creating ``dict`` instances. See `oCERT advisory #2011-003
+<http://www.ocert.org/advisories/ocert-2011-003.html>`_ for more information.
+
+.. _-r: http://docs.python.org/2.7/using/cmdline.html#cmdoption-R
Please sign in to comment.
Something went wrong with that request. Please try again.