Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Two additions to the deployment checklist.

Thanks Erik Romijn.
  • Loading branch information...
commit c94db53eaa9b344f9227fa4dff2b1a5e9c7dce9d 1 parent 912b5d2
Aymeric Augustin aaugustin authored
Showing with 6 additions and 1 deletion.
  1. +6 −1 docs/howto/deployment/checklist.txt
7 docs/howto/deployment/checklist.txt
View
@@ -93,6 +93,9 @@ connections from your application servers.
Database connection parameters are probably different in development and in
production.
+Database passwords are very sensitive. You should protect them exactly like
+:setting:`SECRET_KEY`.
+
For maximum security, make sure database servers only accept connections from
your application servers.
@@ -130,7 +133,9 @@ the login/password, the session cookie, and password reset tokens. (You can't
do much to protect password reset tokens if you're sending them by email.)
Protecting sensitive areas such as the user account or the admin isn't
-sufficient, because the same session cookie is used for HTTP and HTTPS.
+sufficient, because the same session cookie is used for HTTP and HTTPS. Your
+web server must redirect all HTTP traffic to HTTPS, and only transmit HTTPS
+requests to Django.
Once you've set up HTTPS, enable the following settings.
Please sign in to comment.
Something went wrong with that request. Please try again.