Djangoframework~30 mins

Security checklist (manage.py check --deploy) in Django - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Perf

Django Security Checklist with manage.py check --deploy

📖 Scenario: You are preparing a Django web application for deployment. To ensure your app is secure, you want to use Django's built-in security checklist tool.This tool helps you find common security issues before going live.

🎯 Goal: Build a simple Django project setup and run the manage.py check --deploy command to identify security settings that need attention.

📋 What You'll Learn

Create a Django settings file with basic security settings

Add a variable to indicate debug mode

Use the manage.py check --deploy command to check security

Ensure the project is ready for deployment with recommended security settings

💡 Why This Matters

🌍 Real World

Before launching a Django website, developers use this checklist to avoid common security mistakes that could expose user data or allow attacks.

💼 Career

Knowing how to configure Django security settings and run deployment checks is essential for web developers and DevOps engineers to ensure safe production environments.

Progress0 / 4 steps

Create basic Django settings with security keys

Create a file named settings.py and add a variable SECRET_KEY with the value 'django-insecure-12345' and a variable DEBUG set to True.

Django

# Your code here

Need a hint?

The SECRET_KEY is a string that Django uses for cryptographic signing. DEBUG should be True during development.

Add allowed hosts configuration

In settings.py, add a variable ALLOWED_HOSTS and set it to a list containing 'localhost' and '127.0.0.1'.

Django

SECRET_KEY = 'django-insecure-12345'
DEBUG = True
# Your code here

Need a hint?

ALLOWED_HOSTS tells Django which host/domain names your app can serve. This helps prevent HTTP Host header attacks.

Add security middleware to settings

In settings.py, add a variable MIDDLEWARE as a list containing the string 'django.middleware.security.SecurityMiddleware' as the first item.

Django

SECRET_KEY = 'django-insecure-12345'
DEBUG = True
ALLOWED_HOSTS = ['localhost', '127.0.0.1']
# Your code here

Need a hint?

SecurityMiddleware helps manage security headers and HTTPS redirects.

Run the security check command

Run the command python manage.py check --deploy in your terminal to see the security checklist results for your current settings.

Django

SECRET_KEY = 'django-insecure-12345'
DEBUG = True
ALLOWED_HOSTS = ['localhost', '127.0.0.1']
MIDDLEWARE = ['django.middleware.security.SecurityMiddleware']
# Run the security check command in terminal

Need a hint?

This command checks your settings for common security issues before deployment.