Hi, this question has been asked a few times, but is there a general set of best practices one should follow to secure the Django admin site? A quick check shows that some of the Django-powered websites leave /admin/ open to public access, and some don't even use HTTPS for login form submission.
Although only users marked as staff are allowed to log in to the admin site, I am not quite comfortable leaving a "backend" site wide open and taking chances. Or am I just being too paranoid?

