{ "info": { "author": "", "author_email": "", "bugtrack_url": null, "classifiers": [ "Environment :: Web Environment", "Framework :: Django", "Framework :: Django :: 1.10", "Framework :: Django :: 1.11", "Framework :: Django :: 1.8", "Framework :: Django :: 1.9", "Intended Audience :: Developers", "License :: OSI Approved :: BSD License", "Operating System :: OS Independent", "Programming Language :: Python", "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.6", "Topic :: Security", "Topic :: Software Development :: Libraries :: Python Modules" ], "description": "# Django-Security\r\n\r\n[![Build Status](https://travis-ci.org/sdelements/django-security.svg?branch=master)](https://travis-ci.org/sdelements/django-security)\r\n\r\nThis package offers a number of models, views, middlewares and forms to facilitate security hardening of Django applications.\r\n\r\n# Full documentation\r\n\r\nAutomatically generated documentation of `django-security` is available on Read The Docs:\r\n\r\n* [Django-security documentation](http://django-security.readthedocs.org/en/latest/)\r\n\r\n# Requirements\r\n\r\n* Python >= 2.7\r\n* Django >= 1.8\r\n\r\nFor Django < 1.8 use django-security==0.9.4.\r\n\r\n# Installation\r\n\r\nInstall from Python packages repository:\r\n\r\n pip install django-security\r\n\r\nIf you prefer the latest development version, install from\r\n[django-security](https://github.com/sdelements/django-security) repository on GitHub:\r\n\r\n git clone https://github.com/sdelements/django-security.git\r\n cd django-security\r\n sudo python setup.py install\r\n\r\nAdding to Django application's `settings.py` file:\r\n\r\n INSTALLED_APPS = (\r\n ...\r\n 'security',\r\n ...\r\n )\r\n\r\nPre-Django 1.10, middleware modules can be added to `MIDDLEWARE_CLASSES` list in settings file:\r\n\r\n MIDDLEWARE_CLASSES = (\r\n ...\r\n 'security.middleware.DoNotTrackMiddleware',\r\n 'security.middleware.ContentNoSniff',\r\n 'security.middleware.XssProtectMiddleware',\r\n 'security.middleware.XFrameOptionsMiddleware',\r\n )\r\n\r\nAfter Django 1.10, middleware modules can be added to `MIDDLEWARE` list in settings file:\r\n\r\n MIDDLEWARE = (\r\n ...\r\n 'security.middleware.DoNotTrackMiddleware',\r\n 'security.middleware.ContentNoSniff',\r\n 'security.middleware.XssProtectMiddleware',\r\n 'security.middleware.XFrameOptionsMiddleware',\r\n )\r\n\r\n\r\n\r\nUnlike the modules listed above, some other modules **require** configuration settings,\r\nfully described in [django-security documentation](http://django-security.readthedocs.org/en/latest/).\r\nBrief description is provided below.\r\n\r\n## Middleware\r\n\r\nProvided middleware modules will modify web application's output and input and in most cases requires no\r\nor minimum configuration.\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n\r\n
Middleware\r\nDescription\r\nConfiguration\r\n
ContentNoSniff\r\nDisable possibly insecure autodetection of MIME types in browsers. Recommended.\r\nNone.\r\n\r\n
ContentSecurityPolicyMiddleware\r\nSend Content Security Policy (CSP) header in HTTP response. Recommended, requires careful tuning.\r\nRequired.\r\n\r\n
DoNotTrackMiddleware\r\nRead user browser's DoNotTrack preference and pass it to application. Recommended, requires implementation in views and templates.\r\nNone.\r\n\r\n
LoginRequiredMiddleware\r\nRequires a user to be authenticated to view any page on the site that hasn't been white listed.\r\nRequired.\r\n\r\n
MandatoryPasswordChangeMiddleware\r\nRedirects any request from an authenticated user to the password change form if that user's password has expired.\r\nRequired.\r\n\r\n
NoConfidentialCachingMiddleware\r\nAdds No-Cache and No-Store headers to confidential pages.\r\nRequired.\r\n\r\n
P3PPolicyMiddleware\r\nAdds the HTTP header attribute specifying compact P3P policy.\r\nRequired.\r\n\r\n
SessionExpiryPolicyMiddleware\r\nExpire sessions on browser close, and on expiry times stored in the cookie itself.\r\nRequired.\r\n\r\n
StrictTransportSecurityMiddleware\r\nEnforce SSL/TLS connection and disable plaintext fall-back. Recommended for SSL/TLS sites.\r\nOptional.\r\n\r\n
XFrameOptionsMiddleware\r\nDisable framing of the website, mitigating Clickjacking attacks. Recommended.\r\nOptional.\r\n\r\n
XssProtectMiddleware\r\nEnforce browser's Cross Site Scripting protection. Recommended.\r\nNone.\r\n\r\n
\r\n\r\n## Views\r\n\r\n`csp_report`\r\n\r\nView that allows reception of Content Security Policy violation reports sent by browsers in response\r\nto CSP header set by ``ContentSecurityPolicyMiddleware`. This should be used only if long term, continuous CSP report\r\nanalysis is required. For one time CSP setup [CspBuilder](http://cspbuilder.info/) is much simpler.\r\n\r\nThis view can be configured to either log received reports or store them in database.\r\nSee [documentation](http://django-security.readthedocs.org/en/latest/#security.views.csp_report) for details.\r\n\r\n`require_ajax`\r\n\r\nA view decorator which ensures that the request being proccessed by view is an AJAX request. Example usage:\r\n\r\n @require_ajax\r\n def myview(request):\r\n ...\r\n\r\n## Models\r\n\r\n`CspReport`\r\n\r\nContent Security Policy violation report object. Only makes sense if `ContentSecurityPolicyMiddleware` and `csp_report` view are used.\r\nWith this model, the reports can be then analysed in Django admin site.\r\n\r\n`PasswordExpiry`\r\n\r\nAssociate a password expiry date with a user.\r\n\r\n## Logging\r\n\r\nAll `django-security` modules send important log messages to `security` facility. The application should configure a handler to receive them:\r\n\r\n LOGGING = {\r\n ...\r\n 'loggers': {\r\n 'security': {\r\n 'handlers': ['console',],\r\n 'level': 'INFO',\r\n 'propagate': False,\r\n 'formatter': 'verbose',\r\n },\r\n ...\r\n\r\n\r\n", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/dai-ictgeo/django-security", "keywords": "", "license": "", "maintainer": "T", "maintainer_email": "", "name": "django-security-2.0", "package_url": "https://pypi.org/project/django-security-2.0/", "platform": "", "project_url": "https://pypi.org/project/django-security-2.0/", "project_urls": { "Homepage": "https://github.com/dai-ictgeo/django-security" }, "release_url": "https://pypi.org/project/django-security-2.0/1.0.1/", "requires_dist": [ "django (>=1.8)", "ua-parser (==0.7.1)" ], "requires_python": "", "summary": "A collection of tools to help secure a Django project. update 2.1.4. mod for pwdExpiry", "version": "1.0.1" }, "last_serial": 5862203, "releases": { "0.9.9": [ { "comment_text": "", "digests": { "md5": "07a4a3d2583f8122c8c494829d82fde6", "sha256": "c861840f0e442745199138228e82c87aa4a4ae8f4ada6264f71ff58853ff4fdf" }, "downloads": -1, "filename": "django-security_2.0-0.9.9.tar.gz", "has_sig": false, "md5_digest": "07a4a3d2583f8122c8c494829d82fde6", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 23530, "upload_time": "2019-02-22T14:25:45", "url": "https://files.pythonhosted.org/packages/54/75/7221a587c2e2fc2dc695787247e44f7c9cb43e8adb5c1450b260c20207ea/django-security_2.0-0.9.9.tar.gz" } ], "1.0.1": [ { "comment_text": "", "digests": { "md5": "2ddc38300fc496054b5059ada9721a3f", "sha256": "e3babaad80ae3931e7bbca9624098daf143f2262befae06ab6f007c0739b32a2" }, "downloads": -1, "filename": "django_security_2.0-1.0.1-py2-none-any.whl", "has_sig": false, "md5_digest": "2ddc38300fc496054b5059ada9721a3f", "packagetype": "bdist_wheel", "python_version": "py2", "requires_python": null, "size": 31123, "upload_time": "2019-09-20T13:04:53", "url": "https://files.pythonhosted.org/packages/d3/20/00cb33bf8ee32484cacbbb85005b5ede9864baf587721d5acf4d27bfbdb8/django_security_2.0-1.0.1-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "1c378d10fe71665fd2bcef8052f477ae", "sha256": "5d5aa339fc23ade34f6aacc3d473f49de6c669e4bd29b43fc104e7a2b06ee927" }, "downloads": -1, "filename": "django-security_2.0-1.0.1.tar.gz", "has_sig": false, "md5_digest": "1c378d10fe71665fd2bcef8052f477ae", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 24119, "upload_time": "2019-09-20T13:04:54", "url": "https://files.pythonhosted.org/packages/ae/e3/39a6440e2e38055d2a102021a5f0379864e40747df8e0624e7690583383f/django-security_2.0-1.0.1.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "2ddc38300fc496054b5059ada9721a3f", "sha256": "e3babaad80ae3931e7bbca9624098daf143f2262befae06ab6f007c0739b32a2" }, "downloads": -1, "filename": "django_security_2.0-1.0.1-py2-none-any.whl", "has_sig": false, "md5_digest": "2ddc38300fc496054b5059ada9721a3f", "packagetype": "bdist_wheel", "python_version": "py2", "requires_python": null, "size": 31123, "upload_time": "2019-09-20T13:04:53", "url": "https://files.pythonhosted.org/packages/d3/20/00cb33bf8ee32484cacbbb85005b5ede9864baf587721d5acf4d27bfbdb8/django_security_2.0-1.0.1-py2-none-any.whl" }, { "comment_text": "", "digests": { "md5": "1c378d10fe71665fd2bcef8052f477ae", "sha256": "5d5aa339fc23ade34f6aacc3d473f49de6c669e4bd29b43fc104e7a2b06ee927" }, "downloads": -1, "filename": "django-security_2.0-1.0.1.tar.gz", "has_sig": false, "md5_digest": "1c378d10fe71665fd2bcef8052f477ae", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 24119, "upload_time": "2019-09-20T13:04:54", "url": "https://files.pythonhosted.org/packages/ae/e3/39a6440e2e38055d2a102021a5f0379864e40747df8e0624e7690583383f/django-security_2.0-1.0.1.tar.gz" } ] }