I could really use a pointer to a set of documentation somewhere that lists all the requirements for securing my site. I would think it would include changing this "secret", getting the site out of debug mode, and maybe even validating every form (even if you don't assign a validator to a field - which I am hoping escapes injection attacks).
I expect TG is used by many professionals - but many people like myself as well, who are not well experienced in web architectures and SQL. That's why I use TG - to abstract away and simplify, but I feel like it may leave my site and/or database open to vulnerabilities because I don't grasp all the nuances. My previous approach was to buy Mark's book - and it was great, but I've since moved on to TG2. Is there any page of mandatory steps and best practices to properly secure a TG2 site?

Mike

On Aug 12, 9:47 am, Antoine Pitrou <[email protected]> wrote:
> On Aug 12, 3:16 am, Mark Ramm <[email protected]> wrote:
>
> > You can also set it in development.ini using a key like:
>
> > sa_auth.cookie_secret = "mysupersecret"
>
> In [app:main] I assume?

