Hi Lu. A good place to start is HTTPS. Make sure you get a valid SSL certificate and install it to your site. This ensures all communication between your site and users is encrypted. I will not go into details on how to get the certificate itself and enable HTTPS, but this page describes some specifics of Django: https://docs.djangoproject.com/en/dev/topics/security/#ssl-https. You will probably need additional info from your hosting provider too.
You may want to read the whole page as it explains how Django protects you from several forms of attack (clickjacking, cross-site reference forgery, SQL injection, etc). You've taken huge steps towards securing your site just by building it on Django/Mezzanine, but an SSL cert is a must! Good luck! :)
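The Django settings that control HTTPS behaviour, checked by a small audit function. This is an added example, not part of the original message and not Django or Mezzanine code; the function name `audit_https_settings` and both sample settings dicts are constructed for illustration.

```python
# Added example: audit a Django settings mapping for HTTPS-related options.
# The setting names are real Django settings; the sample values are constructed.

def audit_https_settings(settings):
    """Return a list of findings; an empty list means every check passed."""
    findings = []

    # SecurityMiddleware redirects plain-HTTP requests only when this is True.
    if not settings.get("SECURE_SSL_REDIRECT", False):
        findings.append("SECURE_SSL_REDIRECT is off: HTTP is not redirected to HTTPS")

    # Without the Secure flag, browsers also send these cookies over plain HTTP.
    for name in ("SESSION_COOKIE_SECURE", "CSRF_COOKIE_SECURE"):
        if not settings.get(name, False):
            findings.append(f"{name} is off: cookie may travel over plain HTTP")

    # HSTS tells browsers to refuse plain HTTP for the given number of seconds.
    if int(settings.get("SECURE_HSTS_SECONDS", 0)) <= 0:
        findings.append("SECURE_HSTS_SECONDS is 0: no Strict-Transport-Security header")

    # Behind a TLS-terminating proxy, Django needs a (header, value) pair
    # to recognise that the original request was secure.
    header = settings.get("SECURE_PROXY_SSL_HEADER")
    if header is not None and not (isinstance(header, (tuple, list)) and len(header) == 2):
        findings.append("SECURE_PROXY_SSL_HEADER must be a (header, value) pair")

    return findings


# Constructed sample: a settings module that leaves Django's defaults in place.
WEAK_SETTINGS = {"DEBUG": False}

# Constructed sample: the same site with the HTTPS options enabled.
HARDENED_SETTINGS = {
    "DEBUG": False,
    "SECURE_SSL_REDIRECT": True,
    "SESSION_COOKIE_SECURE": True,
    "CSRF_COOKIE_SECURE": True,
    "SECURE_HSTS_SECONDS": 3600,
    "SECURE_PROXY_SSL_HEADER": ("HTTP_X_FORWARDED_PROTO", "https"),
}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_SETTINGS), ("hardened", HARDENED_SETTINGS)):
        print(label, audit_https_settings(cfg) or "OK")
```

Only set `SECURE_PROXY_SSL_HEADER` when the proxy in front of Django strips that header from incoming client requests; your hosting provider can confirm this.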
