0

I've been making a site in Django and thinking about using some of the apps available online for things like a wiki or forum. I was wondering what the drawbacks were. Are those apps likely to be less secure than using something like vBulletin or MediaWiki instead?

In general, is Django pretty secure to begin with? I know almost nothing about security, so I find myself wondering sometimes.

Joff
  • Django is as secure as any web framework can be. It provides tools and docs to prevent common mistakes causing security problems (CSRF, XSS, etc.) – Jahongir Rahmonov Feb 03 '15 at 12:58
  • Just about anything can be configured and used insecurely, but Django does all the key things correctly out of the box. Use Django the way it's documented (e.g., don't just go around turning off XSRF) and the weakest part of your stack will likely be the database server. That's something where you should find someone who knows how to set those up. – dylrei Feb 03 '15 at 13:08
  • [Chapter on security](https://docs.djangoproject.com/en/1.7/topics/security/) from the Django documentation might be a good starting point. – styts Feb 03 '15 at 14:14

1 Answer

1

vBulletin and MediaWiki are pretty insecure apps. I think a typical Django app is much more secure than these two :-)

Django by default prevents many security mistakes (SQL injection, XSS, CSRF), so a developer should make an effort to create an insecure app.

catavaran
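When evaluating a third-party Django app, one practical check is whether its code switches off the defaults mentioned above (CSRF middleware, template auto-escaping, parameterized SQL). The following is an added example, not code from the original question or answers: a heuristic static scan using Python's `ast` module. The function names and the sample settings and views are constructed for illustration.

```python
import ast
CSRF_MW = "django.middleware.csrf.CsrfViewMiddleware"
# Constructed sample project files (illustrative, not from the original page).
SAMPLE_SETTINGS = '''
MIDDLEWARE = [
    "django.contrib.sessions.middleware.SessionMiddleware",
]
'''
SAMPLE_VIEWS = '''
from django.db import connection
from django.utils.safestring import mark_safe
from django.views.decorators.csrf import csrf_exempt

@csrf_exempt
def post_reply(request):
    cur = connection.cursor()
    cur.execute("SELECT * FROM post WHERE id = %s" % request.POST["id"])
    cur.execute("SELECT * FROM post WHERE id = %s", [request.POST["id"]])
    return mark_safe(request.POST["body"])
'''

def _name(node):
    """Trailing identifier of a Name, Attribute or Call node, else ''."""
    if isinstance(node, ast.Call):
        node = node.func
    return getattr(node, "attr", getattr(node, "id", ""))

def audit_settings(source):
    """True if a literal MIDDLEWARE(_CLASSES) list omits CsrfViewMiddleware."""
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign) and any(
                _name(t) in ("MIDDLEWARE", "MIDDLEWARE_CLASSES") for t in node.targets):
            return CSRF_MW not in ast.literal_eval(node.value)
    return False

def audit_views(source):
    """Sorted (line, finding) pairs where a default protection is bypassed."""
    found = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.FunctionDef):
            found += [(d.lineno, "csrf_exempt") for d in node.decorator_list
                      if _name(d) == "csrf_exempt"]
        elif isinstance(node, ast.Call) and node.args \
                and not isinstance(node.args[0], ast.Constant):
            if _name(node) == "mark_safe":   # value skips template auto-escaping
                found.append((node.lineno, "mark_safe on non-literal"))
            elif _name(node) in ("execute", "raw"):  # query text is not a literal
                found.append((node.lineno, "SQL string built at runtime"))
    return sorted(found)
```

Findings are leads for manual review, not proof of a vulnerability: the scan matches on names only and does not track where the flagged values come from.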