The one I follow is to set an environment variable to see if it’s a public facing instance or a private one (disconnected from the internet) and use that as a condition, which when true will add some urls.
It’s the same pattern you’ll follow when using something like Django debug toolbar - where you check if debug is true and if it is, you add some more urls to the root urlconf conf.
Hope that helps.
P.s. This is the mailing list for contributions to Django itself. Questions about how to use django are better suited in the Django Users mailing list or the forums.
Onward,
Arvind
--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/46bf01ff-dc32-47ff-92bc-c56c260a9f29n%40googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/10669A3E-5DBB-46C8-8CF3-411C7DC149CC%40gmail.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/61afea37-34af-4271-91cb-e4a116c1eb71n%40googlegroups.com.
A security model doesn’t necessarily have to be any one thing that’s 100% secure. It can be a combination of things which include “actual” security features as well as plain ol’ obscurity.
If I have to register the admin urls on a project, I make sure to setup django-honeypot and move the admin site to something non-standard.
Any one thing may not be doing much on it’s own. But the combination, if messy enough to make someone give up, will give you a better overall security situation.
Just my 2¢.
Onward,
Arvind
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/728e66df-9340-45da-96e0-cbc969e05f6en%40googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/4299be50-32f3-4356-b7d2-726a66e6fb01n%40googlegroups.com.
You received this message because you are subscribed to a topic in the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/django-developers/a4_VY4YzB2I/unsubscribe.
To unsubscribe from this group and all its topics, send an email to django-develop...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAEE%2BrGoVwYG9suCdf_cy1wKho5awMvbPqT%3DQ0dMbJGj9WoBW%3DQ%40mail.gmail.com.
> combination of blocking IPs and having a different admin URL would raise the bar quite a bit.So having a different default admin URL would help, right?
--
You received this message because you are subscribed to the Google Groups "Django developers (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-develop...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/CAEE%2BrGqvVXrAZbWwuieitTVTNuKzR%2B%2BWWqc-6HsO4LO0OhvEog%40mail.gmail.com.