Security checklist (manage.py check --deploy) in Django - Practice Problems & Coding Challenges

Challenge - 5 Problems
component_behavior
intermediate
What does manage.py check --deploy do in Django?

When you run manage.py check --deploy in a Django project, what is the main purpose of this command?

A. It starts the Django development server with extra debugging enabled.
B. It runs a security-focused system check to identify potential deployment issues.
C. It automatically fixes all security issues found in the project settings.
D. It deletes all temporary files and caches before deployment.
💡 Hint

Think about what 'check' commands usually do and what '--deploy' might imply.

📝 Syntax
intermediate
Which setting causes manage.py check --deploy to warn about missing HTTPS?

Given the following Django settings, which one will cause manage.py check --deploy to raise a warning about HTTPS security?

SECURE_SSL_REDIRECT = False
SESSION_COOKIE_SECURE = False
CSRF_COOKIE_SECURE = False
SECURE_HSTS_SECONDS = 0
A. SECURE_SSL_REDIRECT = False
B. SESSION_COOKIE_SECURE = True
C. CSRF_COOKIE_SECURE = True
D. SECURE_HSTS_SECONDS = 3600
💡 Hint

Which setting controls redirecting HTTP to HTTPS?

🔧 Debug
advanced
Why does manage.py check --deploy warn about DEBUG=True?

Consider a Django project with DEBUG = True in production. What is the reason manage.py check --deploy warns about this?

A. Because DEBUG=True prevents static files from loading.
B. Because DEBUG=True disables database migrations.
C. Because DEBUG=True automatically enables HTTPS.
D. Because DEBUG=True exposes detailed error pages that can leak sensitive information.
💡 Hint

Think about what happens when an error occurs and DEBUG is on.

state_output
advanced
What is the effect of setting SECURE_HSTS_SECONDS to a positive value?

In Django settings, what happens when you set SECURE_HSTS_SECONDS to a positive integer like 3600?

A. It enables debug logging for HTTPS requests.
B. Django will redirect all HTTP requests to HTTPS immediately.
C. Browsers will remember to only use HTTPS for your site for the given number of seconds.
D. It disables CSRF protection for the specified time.
💡 Hint

Think about what HSTS means in web security.

🧠 Conceptual
expert
Which setting prevents JavaScript from accessing cookies in Django?

To protect cookies from being accessed by JavaScript (helping prevent XSS attacks), which Django setting should be set to True?

A. SESSION_COOKIE_HTTPONLY
B. SESSION_COOKIE_SECURE
C. CSRF_COOKIE_SECURE
D. SECURE_SSL_REDIRECT
💡 Hint

Which cookie flag blocks JavaScript access?

Practice

1. What is the main purpose of running manage.py check --deploy in a Django project?
easy
A. To create a new database migration
B. To start the Django development server
C. To find security issues before deploying the site to production
D. To install required Python packages

Solution

  1. Step 1: Understand the command's role

    manage.py check --deploy runs checks specifically for security and deployment readiness.
  2. Step 2: Compare with other commands

    Other commands like migrations or server start do not check security issues.
  3. Final Answer:

    To find security issues before deploying the site to production -> Option C
  4. Quick Check:

    Security check = B [OK]
Hint: Remember: --deploy means check for production security [OK]
Common Mistakes:
  • Confusing it with migration commands
  • Thinking it starts the server
  • Assuming it installs packages
2. Which of the following is the correct way to run the security deployment check in Django?
easy
A. python manage.py startapp --deploy
B. python manage.py migrate --deploy
C. python manage.py runserver --deploy
D. python manage.py check --deploy

Solution

  1. Step 1: Identify the correct command syntax

    The command to check security issues is python manage.py check --deploy.
  2. Step 2: Eliminate incorrect options

    Other commands like migrate, runserver, or startapp do not accept --deploy and serve different purposes.
  3. Final Answer:

    python manage.py check --deploy -> Option D
  4. Quick Check:

    Correct command syntax = A [OK]
Hint: Use 'check' command with --deploy flag for security checks [OK]
Common Mistakes:
  • Using migrate or runserver with --deploy
  • Mixing up command names
  • Omitting 'python' or 'manage.py'
3. After running python manage.py check --deploy, you see a warning about SECURE_SSL_REDIRECT not being set. What will happen if you ignore this warning?
medium
A. Your site will not redirect HTTP requests to HTTPS, risking insecure connections
B. Your database migrations will fail
C. Your static files will not load
D. Your admin login page will be disabled

Solution

  1. Step 1: Understand the warning about SECURE_SSL_REDIRECT

    This setting forces HTTP requests to redirect to HTTPS, securing data in transit.
  2. Step 2: Consequences of ignoring the warning

    If not set, users can connect over insecure HTTP, exposing sensitive data.
  3. Final Answer:

    Your site will not redirect HTTP requests to HTTPS, risking insecure connections -> Option A
  4. Quick Check:

    SSL redirect missing = insecure HTTP allowed [OK]
Hint: SSL redirect warning means HTTP stays open, fix it! [OK]
Common Mistakes:
  • Thinking it affects database or static files
  • Assuming admin page disables automatically
  • Ignoring HTTPS importance
4. You ran python manage.py check --deploy and got this error: "Your SECRET_KEY is not set or is insecure." What is the best way to fix this?
medium
A. Set a long, random SECRET_KEY in your settings and keep it secret
B. Remove the SECRET_KEY setting from your settings file
C. Set SECRET_KEY to 'django-insecure' for simplicity
D. Ignore the warning; it only affects development

Solution

  1. Step 1: Understand SECRET_KEY importance

    SECRET_KEY is used for cryptographic signing and must be unique and secret.
  2. Step 2: Fix by setting a strong, random key

    Generate a long random string and set it in settings securely; do not share it.
  3. Final Answer:

    Set a long, random SECRET_KEY in your settings and keep it secret -> Option A
  4. Quick Check:

    Strong SECRET_KEY = A [OK]
Hint: Never share SECRET_KEY; generate a strong random one [OK]
Common Mistakes:
  • Using default insecure keys
  • Removing SECRET_KEY setting
  • Ignoring warnings thinking they're only for dev
5. You want to ensure your Django app is secure for production. Which combination of settings should you verify or enable after running manage.py check --deploy?
hard
A. Remove ALLOWED_HOSTS, set DEBUG=True, and disable security middleware
B. Set SECURE_SSL_REDIRECT=True, SESSION_COOKIE_SECURE=True, and DEBUG=False
C. Set DEBUG=True, ALLOWED_HOSTS=['*'], and CSRF_COOKIE_SECURE=False
D. Keep DEBUG=True, set SECURE_HSTS_SECONDS=0, and disable SSL redirect

Solution

  1. Step 1: Identify secure production settings

    SECURE_SSL_REDIRECT and SESSION_COOKIE_SECURE enforce HTTPS and secure cookies; DEBUG must be False in production.
  2. Step 2: Eliminate insecure options

    Options with DEBUG=True or ALLOWED_HOSTS=['*'] are insecure and should be avoided.
  3. Final Answer:

    Set SECURE_SSL_REDIRECT=True, SESSION_COOKIE_SECURE=True, and DEBUG=False -> Option B
  4. Quick Check:

    Secure settings = C [OK]
Hint: Disable DEBUG and enable SSL redirect for production [OK]
Common Mistakes:
  • Leaving DEBUG=True in production
  • Allowing all hosts with ALLOWED_HOSTS=['*']
  • Disabling security middleware