Opened 9 years ago
Closed 9 years ago
#939 closed enhancement (wontfix)
Move "Security Considerations" to "Considerations for Production Deployments"
|Reported by:||Ben Sturmfels||Owned by:|
This warning about
user_dev/crypto/ is only relevant to a production environment. Recommend moving it.
Change History (3)
by , 9 years ago
comment:1 by , 9 years ago
|Status:||new → review|
Patch attached to move the note about
user_dev/crypto to Considerations for Production Deployment.
comment:2 by , 9 years ago
|Status:||review → closed|
I reviewed this, and I think I'm not going to move it... here's why: the "considerations for production deployments" provides some advanced features like running celery separately... but regardless of whether you do that or not, the advice about not leaking the crypto information is critical. Even for image-only sites, I think it's important that people don't leak that.
I understand the reasoning for this, especially given the name of that section, but I think we should leave this where it is.
Patch to move note about user_dev/crypto.