Get your Django app ready for production

Bilal Tonga
2 min read · Oct 14, 2021

The Internet is not a safe place; there are no angels playing on the clouds. It is a dark place where a guy in a black sweatshirt is thinking about how to hack your site. If we can’t make the world a safer place, let’s at least make our own Django app safer and production ready.

Here’s your checklist:

check --deploy

Django ships a handy deploy checklist command that inspects your settings and prints warnings with suggestions. Run it and work through every item it reports:

python manage.py check --deploy

SECRET_KEY

What’s the big deal? There are millions of Django SECRET_KEYs sitting on github.com. Don’t push your production secret key to your GitHub repo. Best practice is to read sensitive values from environment variables:

import os
SECRET_KEY = os.environ['SECRET_KEY']

DEBUG is True or not True

Never, ever enable DEBUG in production.

DEBUG = False

ALLOWED_HOSTS

Do you want to protect your site against some CSRF attacks? If your answer is YES!, check your ALLOWED_HOSTS setting: Django rejects any request whose Host header doesn’t match it. You should also configure the web server that sits in front of your Django application to validate the host.

CACHES

Cache servers often have weak authentication. Make sure they only accept connections from your application servers.

DATABASE

Store database connection parameters in environment variables and don’t add them to your git repo. For maximum security, make sure database servers only accept connections from your application servers.

MEDIA FILES

Don’t trust users! If you add file uploads to your Django application, don’t let users upload .php files, and make sure the web server never executes anything under the media directory.
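Here is an added example of the upload check described above (my own code, not part of the original post or of Django itself). It keeps an allowlist of extensions, refuses names that smuggle an executable extension anywhere in them (so "shell.php.jpg" is rejected as well as "shell.php"), throws away any path the client sent, and finally replaces the client's name with a server-generated one so nothing user-controlled reaches the filesystem. The extension sets are assumptions; adjust them to what your site actually serves.

```python
"""Validate an uploaded file's name before it is stored under MEDIA_ROOT.

Added example; only the final storage name is derived from the client input,
and only after the checks below pass.
"""
import os
import uuid

# Assumed allowlist of what this site accepts (final extension only).
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf"}

# Extensions a misconfigured web server might hand to an interpreter.
# Rejected if they appear *anywhere* after the first dot, not only at the end.
EXECUTABLE_EXTENSIONS = {
    "php", "phtml", "php5", "phar", "cgi", "pl", "py", "sh", "asp", "aspx", "jsp",
}


class UnsafeUpload(ValueError):
    """Raised when the client-supplied name must not be accepted."""


def validate_extension(client_name):
    """Return the lower-cased extension of an acceptable upload name, or raise."""
    # Drop any directory part the client sent, whichever separator it used.
    base = os.path.basename(client_name.replace("\\", "/"))
    if any(ord(ch) < 32 for ch in base):
        raise UnsafeUpload("control character in file name")
    base = base.strip().strip(".")          # ".htaccess" becomes "htaccess"
    if not base:
        raise UnsafeUpload("empty file name")
    parts = [p.lower() for p in base.split(".") if p]
    if len(parts) < 2:
        raise UnsafeUpload("missing extension")
    ext = parts[-1]                          # the final extension decides the allowlist
    if ext not in ALLOWED_EXTENSIONS:
        raise UnsafeUpload(f"extension .{ext} is not allowed")
    # Everything after the stem is checked, so double extensions are caught.
    if any(p in EXECUTABLE_EXTENSIONS for p in parts[1:]):
        raise UnsafeUpload("executable extension embedded in name")
    return ext


def safe_upload_name(client_name):
    """Validate the name and return a fresh server-chosen name to store under."""
    ext = validate_extension(client_name)
    return f"{uuid.uuid4().hex}.{ext}"


if __name__ == "__main__":
    # Constructed sample inputs, as a client might send them.
    for name in ["photo.JPG", "shell.php", "shell.php.jpg", "../../etc/passwd", "report.pdf"]:
        try:
            print(f"{name!r} -> {safe_upload_name(name)}")
        except UnsafeUpload as exc:
            print(f"{name!r} -> rejected: {exc}")
```

Django already provides django.core.validators.FileExtensionValidator for the plain allowlist part; the embedded-extension check and the rename are what this example adds on top. Validation alone is not enough: the web server in front of Django must still be configured so that files under MEDIA_ROOT are only ever served as static content, never passed to an interpreter.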

HTTPS

Use HTTPS: get a TLS certificate and use it! It’s not a big deal.
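To tie the SECRET_KEY, DEBUG, ALLOWED_HOSTS, DATABASE and HTTPS items together, here is an added example of a settings loader (my own code, not from the original post or from Django) that pulls every sensitive value from the environment and fails at startup instead of running with a default. The environment variable names (DJANGO_DEBUG, DB_NAME, DB_USER, DB_PASSWORD, DB_HOST, DB_PORT) are assumptions; the MissingSetting class stands in for Django's ImproperlyConfigured so the file runs without Django installed. The HTTPS-related flags at the end are the ones check --deploy warns about when they are missing.

```python
"""Build production Django settings from environment variables.

Added example. Every secret comes from the environment and startup fails
loudly when a required value is absent, so a forgotten variable can never
turn into a hard-coded fallback.
"""
import os


class MissingSetting(RuntimeError):
    """Stand-in for django.core.exceptions.ImproperlyConfigured."""


def env(environ, name, default=None, required=False):
    """Read one variable; raise if it is required and missing or empty."""
    value = environ.get(name, default)
    if required and not value:
        raise MissingSetting(f"set the {name} environment variable")
    return value


def env_bool(environ, name, default=False):
    """Parse a boolean flag; anything other than an explicit 'true' is False."""
    raw = environ.get(name)
    if raw is None:
        return default
    return raw.strip().lower() in {"1", "true", "yes", "on"}


def build_settings(environ=os.environ):
    """Return a dict of settings suitable for globals().update() in settings.py."""
    debug = env_bool(environ, "DJANGO_DEBUG", default=False)   # assumed variable name

    secret_key = env(environ, "SECRET_KEY", required=True)
    # check --deploy (security.W009) warns on keys shorter than 50 characters,
    # with fewer than 5 distinct characters, or carrying the dev-server prefix.
    if len(secret_key) < 50 or len(set(secret_key)) < 5 \
            or secret_key.startswith("django-insecure-"):
        raise MissingSetting("SECRET_KEY is too weak for production")

    # Comma-separated list, e.g. "example.com,www.example.com".
    hosts = [h.strip() for h in env(environ, "ALLOWED_HOSTS", default="").split(",") if h.strip()]
    if not debug and not hosts:
        raise MissingSetting("ALLOWED_HOSTS must list your production hostnames")

    settings = {
        "DEBUG": debug,
        "SECRET_KEY": secret_key,
        "ALLOWED_HOSTS": hosts,
        "DATABASES": {
            "default": {
                "ENGINE": "django.db.backends.postgresql",
                "NAME": env(environ, "DB_NAME", required=True),        # assumed names
                "USER": env(environ, "DB_USER", required=True),
                "PASSWORD": env(environ, "DB_PASSWORD", required=True),
                "HOST": env(environ, "DB_HOST", default="127.0.0.1"),
                "PORT": env(environ, "DB_PORT", default="5432"),
            }
        },
    }

    if not debug:
        # HTTPS hardening that check --deploy expects once TLS is in place.
        settings.update({
            "SECURE_SSL_REDIRECT": True,
            "SESSION_COOKIE_SECURE": True,
            "CSRF_COOKIE_SECURE": True,
            "SECURE_HSTS_SECONDS": 31536000,
            "SECURE_HSTS_INCLUDE_SUBDOMAINS": True,
        })
    return settings
```

In settings.py you would end with globals().update(build_settings()), so the process refuses to start until the environment is complete. Only turn on SECURE_HSTS_SECONDS once every subdomain really serves HTTPS; browsers remember that header for a year.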

That’s all!