Due diligence security audit of Knowledge.Bio
Issue #55
resolved
Sanity check: the Knowledge.Bio application probably needs a final due diligence security audit review. The list of issues that come to mind (not exhaustive):
1) settings.py configuration should be reviewed for proper production deployment (e.g. make sure that "DEBUG" is turned off...)
2) "administrative" URLs should be hidden from the general public: e.g. ABC and UMLS loader; SemMedDb data auditor. Perhaps introducing some kind of rudimentary admin user login account mechanism(?)
Comments (3)
reporter -
@rbruskiewich Going to leave this up to you to close as it's not easy for me to test. Please close when you are ready.
reporter - changed status to resolved
I've applied all the basic Django best practices to the production deployment.
Maybe I could hide the admin links behind https: port 443 and a Security Certificate(?)
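
Added example, not part of the original issue thread or the Knowledge.Bio code base: a static check of a Django settings.py covering item 1 (DEBUG turned off) and the HTTPS-related settings that the last comment touches on. The setting names are Django's own; the sample file contents and the function names `load_literals` and `audit` are constructed for illustration.

```python
import ast

UNKNOWN = object()  # marker: value is computed at runtime, cannot be judged statically

# setting name -> (value wanted in production, Django's default when absent)
REQUIRED = {
    "DEBUG": (False, False),
    "SECURE_SSL_REDIRECT": (True, False),
    "SESSION_COOKIE_SECURE": (True, False),
    "CSRF_COOKIE_SECURE": (True, False),
}

def load_literals(source):
    """Collect top-level NAME = <literal> assignments without executing the file."""
    values = {}
    for node in ast.parse(source).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                values[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                values[node.targets[0].id] = UNKNOWN
    return values

def audit(source):
    """Return a list of findings for a settings.py supplied as text."""
    settings = load_literals(source)
    findings = []
    for name, (wanted, default) in REQUIRED.items():
        value = settings.get(name, default)
        if value is UNKNOWN:
            findings.append(f"{name}: computed at runtime, verify on the server")
        elif value is not wanted:
            findings.append(f"{name}: is {value!r}, should be {wanted!r}")
    hosts = settings.get("ALLOWED_HOSTS", [])
    if hosts is UNKNOWN:
        findings.append("ALLOWED_HOSTS: computed at runtime, verify on the server")
    elif not hosts or "*" in hosts:
        findings.append("ALLOWED_HOSTS: empty or wildcard")
    return findings

# Constructed sample, not the project's real settings.py
SAMPLE = '''
import os
DEBUG = True
ALLOWED_HOSTS = ["*"]
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = os.environ.get("CSRF_SECURE") == "1"
'''

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Django's built-in `python manage.py check --deploy` performs a fuller set of deployment checks against the loaded settings; the script above only reads the file as text, so it can run in review or CI without importing the project.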