Django admin: best practices for keeping it secure [closed] - django

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 4 years ago.
I'm about to release my django app to the world, but I'm worried about the admin tab. What are some best practices for keeping the admin secure?
I saw this website. It mentioned changing the admin URL, among other things. Are there any other best practices?

There are a few good methods; try this one from this blog: Limit Admin Access Based on IP - tech.marksblogg.com
Or something less sophisticated, like a fake Django admin login screen: django-admin-honeypot.
And of course, it is always better for security to deploy your site behind HTTPS. It's easy to implement and it's free with Certbot: just choose your software and system and you're ready to go.
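
Added example (not part of the original answer or the linked blog post): one way to implement the IP restriction suggested above as Django middleware, including the reverse-proxy case where REMOTE_ADDR is the proxy and X-Forwarded-For can be forged by the client. The class name, the /admin/ prefix and the sample networks are assumptions made for illustration.

```python
import ipaddress

# Added example: names and sample networks are assumptions, replace with your own.
ADMIN_PREFIX = "/admin/"
ALLOWED_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "203.0.113.0/24")]
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.1/32")]  # your reverse proxy


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def client_ip(remote_addr, forwarded_for=""):
    """Return the address to judge, or None if it cannot be parsed.

    X-Forwarded-For is honoured only when the direct peer is a trusted proxy,
    and then only its right-most entry (the one that proxy appended); anything
    further left is client-supplied and can be forged.
    """
    try:
        peer = ipaddress.ip_address(remote_addr)
        if forwarded_for and _in_any(peer, TRUSTED_PROXIES):
            return ipaddress.ip_address(forwarded_for.split(",")[-1].strip())
        return peer
    except ValueError:
        return None  # fail closed on malformed input


def admin_allowed(path, remote_addr, forwarded_for=""):
    """True if the request may proceed; non-admin paths are never restricted."""
    if not path.startswith(ADMIN_PREFIX):
        return True
    ip = client_ip(remote_addr, forwarded_for)
    return ip is not None and _in_any(ip, ALLOWED_NETWORKS)


class AdminIPAllowlistMiddleware:
    """Hypothetical middleware; list it in MIDDLEWARE in settings.py."""
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        meta = request.META
        if not admin_allowed(request.path, meta.get("REMOTE_ADDR", ""),
                             meta.get("HTTP_X_FORWARDED_FOR", "")):
            # Imported here so the helpers above run without Django installed.
            from django.http import Http404
            raise Http404()  # 404 instead of 403: do not confirm the admin URL
        return self.get_response(request)
```

If the admin lives under a custom URL, ADMIN_PREFIX must match it, and the allowlist complements the admin's own authentication rather than replacing it.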

Related

"Bot domain invalid" error in web telegram login. Django [closed]

Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 7 months ago.
When integrating the login via telegram for Django, I received the following error (despite the fact that all actions were done correctly)
Bot domain invalid error
I've been tinkering with this for a couple of days and just want to share a solution.
The solution is simple and pretty funny.
Just remove
"django.middleware.security.SecurityMiddleware"
from MIDDLEWARE
Since Django 4.0 you can use Cross-Origin Opener Policy instead of removing security middleware.
Tested on Django 4.1:
SECURE_CROSS_ORIGIN_OPENER_POLICY = 'same-origin-allow-popups'
You have to contact @BotFather on Telegram and use the /setdomain command to allow logins to your bot from your domain.

Django rest framework multiple endpoints for one page at frontend [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed last year.
This is the first time I'm building APIs for an SPA, and now I wonder how to do some of them right.
For example, we all have a delivery club app, and the main page of a restaurant has banners, some info about it, categories, and products. The product detail pop-up has info about the product, measure units, modifiers, additives and some more options.
So I understand how to build APIs for the admin dashboard, but how do I do it for the client app?
Should they all be separated, with the front-end getting them all together, or should my serializers be nested? Can someone tell me?
For every view you want, you return the appropriate data and of course load your front-end with the data gotten.

Managing two kinds of users in one application [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 7 years ago.
I am not an expert in Django and am learning it by doing. I am making an application and it has two kinds of users:
User who offers services
User who uses services
So my query is how to manage these two types of users. One possible approach I am thinking of is to make two separate profile models for these users and have different login pages for them. And still I want to have an upper layer of Django admin which can manage both these users. So my problem is: is there any particular way to implement this kind of scenario, or can I go with my approach? These users will have different privileges: the offerer of a service can add his service, while a simple user can only use that service by logging in himself. So I want to have a secure separation between these users.
I would suggest using Django's built-in Groups and custom Permissions. Another interesting tidbit I would consider is implementing two versions of the Django admin.
How to have 2 different admin sites in a Django project?

Authentication and Authorization in a Web Service [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 9 years ago.
I am writing a web service in Java which will expose a product's API.
What I cannot figure out for my low-level design is how to authenticate and authorize within my web service.
For example: who can or cannot invoke methods on my web service.
I want to build something where one user can add an account but shouldn't be allowed to add a user, while some other user can do vice versa.
Can anyone give me a direction for best practices? I can figure out the details.
Here is a lightweight how-to:
You could implement a user table and provide a login mechanism. Every time a user logs in, you could store the user ID in a session. If an arbitrary request is received, you check whether a session exists. If not, you force the user to log in; otherwise you read the user ID from the session. Then you can determine which functions the user is allowed to access.
Also, this link to a similar question on Stack Overflow might help:
Servlet user authentication

Will I lose search ranking if I switch cloud provider? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
My website is hosted on AWS. My marketing pages are hosted on HubSpot. I have CNAME records that point to both hosts (www.mypage.com -> AWS and info.mypage.com -> HubSpot).
Q1: Are the search rankings for pages on info.mypage.com also giving credit to my main site? That is, if my landing pages are doing well, does Google raise the ranking for my main site?
Q2: If I move my marketing stuff to AWS, will Google reset my search ranking? Or does it follow the new CNAME alias, thus giving my landing pages the same value in searches?
No. Each page is ranked on its own merits. (But when it comes to spam and quality control, having poor or low-quality content on other pages on your site can hurt the overall site's rankings.)
If your URLs do not change then this should be transparent to the search engines.