PyLucid CMS Logo

important security instructions

Here are some very important security instructions for PyLucid.

↑ public access to settings.py  #

The settings.py is inside the document root of the webserver. You should check if you can get the settings.py throu the webserver:

Normaly you can's access the file, because we have added this in the .htaccess:

XML
1
2
3
<Files settings.py>
    Deny from all
</Files>

↑ _install section access  #

Disable the _install section access, after the installation. Change this in your settings.py:

You can also delete the install password hash. Note, the password hash can be show in a traceback, if enabled.

↑ verbose tracebacks  #

You should disable the debug traceback function because. Set DEBUG = False in your settings.py

Use DEBUG = True only together with INTERNAL_IPS !

0 Kommentare für 'security':
    Es existiert kein Kommentar für 'security'
Kommentar hinterlassen
PyLucid v0.11.2.0201 | Anmelden | render time: 382.6 ms - overall: 2.6 days | last modified: 1. Feb. 2010, 12:05

django-processinfo: 8.7 ms of 384.6 ms (2.3%)