
Recommend the use of PYTHONHASHSEED or -R.

1 parent 888c86d commit add86762abf3d8c5adf85e427df1dde46c8716b3 @ryankask committed May 20, 2013
Showing with 15 additions and 0 deletions.
  1. +15 −0 docs/howto/deployment/checklist.txt
@@ -212,3 +212,18 @@ Miscellaneous
--------------------------------
This setting is required if you're using the :ttag:`ssi` template tag.
+
+Python Options
+==============
+
+If you are using Python 2.6.8 and above, it is strongly recommended
+that you invoke the Python process running your Django WSGI
+application using the :option:`-R` option or with the
+:envvar:`PYTHONHASHSEED` environment variable set to ``random``.
+
+These options help protect your site from denial-of-service (DoS)
+attacks triggered by carefully crafted inputs. Such an attack can
+drastically increase CPU usage by causing worst-case performance when
+creating ``dict`` instances. Please see `this oCERT advisory
+<http://www.ocert.org/advisories/ocert-2011-003.html>`_ for more
+information.
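Review bot: The version condition "Python 2.6.8 and above" in the first added paragraph is too broad. Hash randomization (-R and PYTHONHASHSEED) was backported to 2.6.8, 2.7.3, 3.1.5 and 3.2.3, so 2.7.0 through 2.7.2 are above 2.6.8 yet do not accept the option, and from Python 3.3 onward randomization is enabled by default, which makes the advice unnecessary there. Suggest naming the minimum patch release for each series and noting the 3.3 default. In the same paragraph, consider stating that PYTHONHASHSEED must be the literal value ``random`` and not a fixed integer, since a fixed seed makes the hashes predictable again. It is also worth confirming that the :option:`-R` reference resolves in the docs build; if it does not, a plain ``-R`` literal avoids a dangling cross-reference.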
