Due diligence security audit of Knowledge.Bio

Issue #55 resolved
Richard Bruskiewich created an issue

Sanity check: the Knowledge.Bio application probably needs a final due diligence security audit review. The list of issues that come to mind (not exhaustive):

1) settings.py configuration should be reviewed for proper production deployment (e.g. make sure that "DEBUG" is turned off...)

2) "administrative" URLs should be hidden from the general public: e.g. ABC and UMLS loader; SemMedDb data auditor. Perhaps introducing some kind of rudimentary admin user login account mechanism(?)

Comments (3)

  1. Richard Bruskiewich reporter

    Maybe I could hide the admin links behind https: port 443 and a Security Certificate(?)

  2. b

    @rbruskiewich Going to leave this up to you to close as it's not easy for me to test. Please close when you are ready.
