{ "info": { "author": "Carl Meyer", "author_email": "carl@oddbird.net", "bugtrack_url": null, "classifiers": [ "Development Status :: 3 - Alpha", "Environment :: Web Environment", "Framework :: Django", "Intended Audience :: Developers", "License :: OSI Approved :: BSD License", "Operating System :: OS Independent", "Programming Language :: Python", "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.6", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.2", "Programming Language :: Python :: 3.3" ], "description": "=============\ndjango-secure\n=============\n\nHelping you remember to do the stupid little things to improve your Django\nsite's security.\n\nInspired by Mozilla's `Secure Coding Guidelines`_, and intended for sites that\nare entirely or mostly served over SSL (which should include anything with\nuser logins).\n\n.. _Secure Coding Guidelines: https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines\n\nQuickstart\n==========\n\nDependencies\n------------\n\nTested with `Django`_ 1.4 through trunk, and `Python`_ 2.6, 2.7, 3.2, and\n3.3. Quite likely works with older versions of both, though; it's not very\ncomplicated.\n\n.. _Django: http://www.djangoproject.com/\n.. _Python: http://www.python.org/\n\nInstallation\n------------\n\nInstall from PyPI with ``pip``::\n\n pip install django-secure\n\nor get the `in-development version`_::\n\n pip install django-secure==dev\n\n.. _in-development version: https://github.com/carljm/django-secure/tarball/master#egg=django_secure-dev\n\nUsage\n-----\n\n* Add ``\"djangosecure\"`` to your ``INSTALLED_APPS`` setting.\n\n* Add ``\"djangosecure.middleware.SecurityMiddleware\"`` to your\n ``MIDDLEWARE_CLASSES`` setting (where depends on your other middlewares, but\n near the beginning of the list is probably a good choice).\n\n* Set the ``SECURE_SSL_REDIRECT`` setting to ``True`` if all non-SSL requests\n should be permanently redirected to SSL.\n\n* Set the ``SECURE_HSTS_SECONDS`` setting to an integer number of seconds and\n ``SECURE_HSTS_INCLUDE_SUBDOMAINS`` to ``True``, if you want to use `HTTP\n Strict Transport Security`_.\n\n* Set the ``SECURE_FRAME_DENY`` setting to ``True``, if you want to prevent\n framing of your pages and protect them from `clickjacking`_.\n\n* Set the ``SECURE_CONTENT_TYPE_NOSNIFF`` setting to ``True``, if you want to prevent\n the browser from guessing asset content types.\n\n* Set the ``SECURE_BROWSER_XSS_FILTER`` setting to ``True``, if you want to enable\n the browser's XSS filtering protections.\n\n* Set ``SESSION_COOKIE_SECURE`` and ``SESSION_COOKIE_HTTPONLY`` to ``True`` if\n you are using ``django.contrib.sessions``. These settings are not part of\n ``django-secure``, but they should be used if running a secure site, and the\n ``checksecure`` management command will check their values.\n \n* Ensure that you're using a long, random and unique ``SECRET_KEY``.\n\n* Run ``python manage.py checksecure`` to verify that your settings are\n properly configured for serving a secure SSL site.\n\n.. _HTTP Strict Transport Security: http://en.wikipedia.org/wiki/Strict_Transport_Security\n\n.. _clickjacking: http://www.sectheory.com/clickjacking.htm\n\n.. warning::\n If ``checksecure`` gives you the all-clear, all it means is that you're now\n taking advantage of a small selection of easy security wins. That's great,\n but it doesn't mean your site or your codebase is secure: only a competent\n security audit can tell you that.\n\n.. end-here\n\nDocumentation\n-------------\n\nSee the `full documentation`_ for more details.\n\n.. _full documentation: http://django-secure.readthedocs.org\n\n\nCHANGES\n=======\n\n1.0.1 (2014.10.23)\n------------------\n\n* Hide django-secure tests from pre-1.6 Django test runners, to avoid breaking\n project tests.\n\n\n1.0 (2013.04.17)\n----------------\n\n* BACKWARDS INCOMPATIBLE: Dropped tested support for Python 2.5, Django 1.2,\n and Django 1.3.\n\n* Added support and testing for Python 3 (though all non-test code worked fine\n under Python 3 previously.)\n\n\n0.1.3 (2013.04.17)\n------------------\n\n* Added check for ``SECRET_KEY``. Thanks Ram Rachum.\n\n0.1.2 (2012.04.13)\n------------------\n\n* Added the ``SECURE_HSTS_INCLUDE_SUBDOMAINS`` setting. Thanks Paul McMillan\n for the report and Donald Stufft for the patch. Fixes #13.\n\n* Added the ``X-XSS-Protection: 1; mode=block`` header. Thanks Johannas Heller.\n\n\n0.1.1 (2011.11.23)\n------------------\n\n* Added the ``X-Content-Type-Options: nosniff`` header. Thanks Johannas Heller.\n\n* ``SECURE_PROXY_SSL_HEADER`` setting now patches ``request.is_secure()`` so it\n respects proxied SSL, to avoid redirects to http that should be to https.\n\n\n0.1.0 (2011.05.29)\n------------------\n\n* Initial release.\n\n\n\nTODO\n====", "description_content_type": null, "docs_url": null, "download_url": null, "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/carljm/django-secure/", "keywords": null, "license": null, "maintainer": null, "maintainer_email": null, "name": "django-secure", "package_url": "https://pypi.org/project/django-secure/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/django-secure/", "project_urls": { "Homepage": "https://github.com/carljm/django-secure/" }, "release_url": "https://pypi.org/project/django-secure/1.0.1/", "requires_dist": null, "requires_python": null, "summary": "Utilities and a 'linter' to help you make your Django site more secure.", "version": "1.0.1" }, "last_serial": 1280337, "releases": { "0.1.0": [ { "comment_text": "", "digests": { "md5": "b39b53af0a1aeffafc97631ac5c96a06", "sha256": "599690bed51965e9f2addb30a6ba0e61f5c14d47c3ad7671513127ce047948b2" }, "downloads": -1, "filename": "django-secure-0.1.0.tar.gz", "has_sig": false, "md5_digest": "b39b53af0a1aeffafc97631ac5c96a06", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 20886, "upload_time": "2011-05-30T22:59:18", "url": "https://files.pythonhosted.org/packages/80/01/dbc0eb467e0de89bb979f6d87c3de9bdaa7d5f167c2c01ad668a1a888001/django-secure-0.1.0.tar.gz" } ], "0.1.0a1": [ { "comment_text": "", "digests": { "md5": "1ccea60ad36ce71f5685ae09ef139576", "sha256": "3ae9b5d00fc417f735b46afd394c07936fb141aded5ef91f51e3306d596eb183" }, "downloads": -1, "filename": "django-secure-0.1.0a1.tar.gz", "has_sig": true, "md5_digest": "1ccea60ad36ce71f5685ae09ef139576", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 20864, "upload_time": "2011-05-30T21:02:57", "url": "https://files.pythonhosted.org/packages/1f/2e/9cdbb6e050e8450c15cca5a3b42197cd3ecab3328da2226fce1cb95e5983/django-secure-0.1.0a1.tar.gz" } ], "0.1.1": [ { "comment_text": "", "digests": { "md5": "4247439ca61ff9608cdaf1bcf5947156", "sha256": "e069fe0b44fa01c8976f19cc503f32ef70086b5e33f9ae0597394bff6f4cfc13" }, "downloads": -1, "filename": "django-secure-0.1.1.tar.gz", "has_sig": true, "md5_digest": "4247439ca61ff9608cdaf1bcf5947156", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 22457, "upload_time": "2011-11-23T20:29:04", "url": "https://files.pythonhosted.org/packages/c6/7d/c9edb0d0c66936d8512b6c11a758ad677941a253f4814d598e8576d7945b/django-secure-0.1.1.tar.gz" } ], "0.1.2": [ { "comment_text": "", "digests": { "md5": "359abeee3ad55c0968f5357ba8634c17", "sha256": "626e6be22bd98010a8c4b86790f1abe1e80bac5a20b8d69c0c0d4aae6868e571" }, "downloads": -1, "filename": "django-secure-0.1.2.tar.gz", "has_sig": false, "md5_digest": "359abeee3ad55c0968f5357ba8634c17", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 24159, "upload_time": "2012-04-14T02:02:20", "url": "https://files.pythonhosted.org/packages/46/e0/0159d8ef77827e1a8a4b76f93b3b189205ff4dd15f8efaa1928f9bafb6fe/django-secure-0.1.2.tar.gz" } ], "0.1.3": [ { "comment_text": "", "digests": { "md5": "ebb692bc4ca39a3a9250eeab96d50e54", "sha256": "e1bb47098495f5a8ef7894d9da2d3f805db0261154377f2924963d5a48491573" }, "downloads": -1, "filename": "django-secure-0.1.3.tar.gz", "has_sig": true, "md5_digest": "ebb692bc4ca39a3a9250eeab96d50e54", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 25055, "upload_time": "2013-04-17T23:47:36", "url": "https://files.pythonhosted.org/packages/32/2a/8a15951668e451682ba953a8248036d90613dc9f7ea6b8c50b839cb21b7e/django-secure-0.1.3.tar.gz" } ], "1.0": [ { "comment_text": "", "digests": { "md5": "68fcc9570371e1e9f5ee57958a86a138", "sha256": "f22822e9b48e1d152d40994631d7010cf365cd67d4ec2e73d15655bb90f5610d" }, "downloads": -1, "filename": "django-secure-1.0.tar.gz", "has_sig": true, "md5_digest": "68fcc9570371e1e9f5ee57958a86a138", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 23423, "upload_time": "2013-04-18T00:20:42", "url": "https://files.pythonhosted.org/packages/22/56/c62ed922639fb19f4ed366bc0eaea334e5b65aa6e01845df97536a1ee83f/django-secure-1.0.tar.gz" } ], "1.0.1": [ { "comment_text": "", "digests": { "md5": "7fa6bc01cfc3d9443102ef1e5739a3a8", "sha256": "b14f6e1b1224e9de347aef4e53f00bdd85b505d08a3e28b6357e4c10e2ddf37b" }, "downloads": -1, "filename": "django-secure-1.0.1.tar.gz", "has_sig": true, "md5_digest": "7fa6bc01cfc3d9443102ef1e5739a3a8", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 23780, "upload_time": "2014-10-23T18:03:32", "url": "https://files.pythonhosted.org/packages/05/1d/448dc6d9a4f815101cdc7222e014826b5ab5d28961e9f99e126a21711891/django-secure-1.0.1.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "7fa6bc01cfc3d9443102ef1e5739a3a8", "sha256": "b14f6e1b1224e9de347aef4e53f00bdd85b505d08a3e28b6357e4c10e2ddf37b" }, "downloads": -1, "filename": "django-secure-1.0.1.tar.gz", "has_sig": true, "md5_digest": "7fa6bc01cfc3d9443102ef1e5739a3a8", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 23780, "upload_time": "2014-10-23T18:03:32", "url": "https://files.pythonhosted.org/packages/05/1d/448dc6d9a4f815101cdc7222e014826b5ab5d28961e9f99e126a21711891/django-secure-1.0.1.tar.gz" } ] }