Here are some very important security instructions for PyLucid.
The settings.py is inside the document root of the webserver. You should check if you can get the settings.py through the webserver:
Normally you can't access the file, because we have added this to the .htaccess:
<Files settings.py>
    Deny from all
</Files>
Disable access to the _install section after the installation. Change this in your settings.py:
You can also delete the install password hash. Note: the password hash can be shown in a traceback, if enabled.
You should disable the debug traceback function because. Set DEBUG = False in your settings.py
Use DEBUG = True only together with INTERNAL_IPS!
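
The .htaccess and DEBUG/INTERNAL_IPS points above can be checked offline against a copy of the two files. This is an added example, not PyLucid's own code: the function names are hypothetical and the sample inputs are constructed.

```python
import ast
import re

def literal_settings(source):
    """Read top-level NAME = <literal> assignments without executing the file."""
    values = {}
    for node in ast.parse(source).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                values[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                pass  # computed value (call, expression): not auditable statically
    return values

def htaccess_denies(htaccess, filename="settings.py"):
    """True if a <Files filename> block contains the line 'Deny from all'."""
    pattern = r'<Files\s+"?%s"?\s*>(.*?)</Files>' % re.escape(filename)
    for block in re.findall(pattern, htaccess, re.I | re.S):
        for line in block.splitlines():
            # Normalise whitespace and case before comparing the directive.
            if " ".join(line.split()).lower() == "deny from all":
                return True
    return False

def audit(settings_source, htaccess):
    """Return findings for the .htaccess and DEBUG/INTERNAL_IPS checks."""
    cfg = literal_settings(settings_source)
    findings = []
    if not htaccess_denies(htaccess):
        findings.append("htaccess: settings.py is not covered by 'Deny from all'")
    # DEBUG = True is only acceptable together with a non-empty INTERNAL_IPS.
    if cfg.get("DEBUG", False) and not cfg.get("INTERNAL_IPS"):
        findings.append("settings: DEBUG = True without INTERNAL_IPS")
    return findings

# Constructed sample inputs (not taken from a real installation).
SAMPLE_HTACCESS = "<Files settings.py>\n    Deny from all\n</Files>\n"
SAMPLE_SETTINGS_BAD = "import os\nDEBUG = True\nINTERNAL_IPS = ()\nROOT = os.getcwd()\n"
SAMPLE_SETTINGS_OK = "DEBUG = True\nINTERNAL_IPS = ('127.0.0.1',)\n"

if __name__ == "__main__":
    for name, src, ht in [("bad", SAMPLE_SETTINGS_BAD, ""),
                          ("ok", SAMPLE_SETTINGS_OK, SAMPLE_HTACCESS)]:
        print(name, audit(src, ht) or "no findings")
```

A clean result only says the files are written correctly. Apache honours .htaccess only where AllowOverride permits it, so the request through the webserver described at the top of this page remains the real test.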