Logged in sessions should be encrypted
Bug #769734 reported by François Marier
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Libravatar (obsolete) | Fix Released | Medium | François Marier |
Bug Description
The main application should be split between a secure one (/account/) delivered over HTTPS and an insecure one (/public/ and /tools/) over HTTP.
Unfortunately, this requires another SSL cert and using SNI (which doesn't work on Windows XP) or it means we need to pay for a wildcard cert...
tags: added: security
This article (http://www.redrobotstudios.com/blog/2009/02/18/securing-django-with-ssl/) mentions two things:
- Django settings for HTTPS-only cookies
- Custom https_required decorator for views
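
The split described in this bug (HTTPS for /account/, plain HTTP for /public/ and /tools/) together with the two measures named in the comment above, sketched as an added example that is neither Libravatar's code nor the linked article's. It swaps the per-view decorator for a framework-neutral WSGI middleware; `HttpsForAccount`, `CANONICAL_HOST` and `demo_request` are hypothetical names, and the request and cookie are constructed.

```python
from urllib.parse import quote

SECURE_PREFIXES = ("/account/",)  # path from the bug description
CANONICAL_HOST = "example.org"    # placeholder; never taken from the Host header

def _with_secure(cookie):
    """Append Secure to a Set-Cookie value unless it is already there."""
    attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
    return cookie if "secure" in attrs else cookie + "; Secure"

class HttpsForAccount:
    """WSGI middleware: HTTPS-only under the secure prefixes, HTTP allowed elsewhere."""
    def __init__(self, app, host=CANONICAL_HOST, prefixes=SECURE_PREFIXES):
        self.app, self.host, self.prefixes = app, host, tuple(prefixes)

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "/")
        if not path.startswith(self.prefixes):
            return self.app(environ, start_response)  # /public/ and /tools/
        if environ.get("wsgi.url_scheme") != "https":
            if environ.get("REQUEST_METHOD") not in ("GET", "HEAD"):
                # The request body already crossed the wire in clear: refuse it.
                start_response("403 Forbidden", [("Content-Type", "text/plain")])
                return [b"HTTPS required\n"]
            query = environ.get("QUERY_STRING", "")
            target = "https://" + self.host + quote(path) + ("?" + query if query else "")
            start_response("301 Moved Permanently", [("Location", target)])
            return [b""]

        def secure_start(status, headers, exc_info=None):
            headers = [(k, _with_secure(v) if k.lower() == "set-cookie" else v)
                       for k, v in headers]
            return start_response(status, headers, exc_info)
        return self.app(environ, secure_start)

def demo_request(path, scheme, method="GET", query=""):
    """Send one constructed request through the middleware; return (status, headers)."""
    def app(environ, start_response):  # constructed stand-in for the real application
        start_response("200 OK", [("Set-Cookie", "sessionid=abc123; HttpOnly; Path=/")])
        return [b"ok"]
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, dict(headers)
    environ = {"PATH_INFO": path, "wsgi.url_scheme": scheme,
               "REQUEST_METHOD": method, "QUERY_STRING": query}
    HttpsForAccount(app)(environ, start_response)
    return seen["status"], seen["headers"]
```

In a Django deployment the cookie half is normally handled by the `SESSION_COOKIE_SECURE` and `CSRF_COOKIE_SECURE` settings rather than by rewriting headers.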