Graham Dumpleton wrote: > > > On Nov 20, 1:41 pm, Steve Holden <[EMAIL PROTECTED]> wrote: [...] >> The drawbacks are that the Django web servers aren't designed to the >> same rigorous security standards that are applied to production web >> servers like Apache and lighthttpd, > > I really scratch my head when I keep seeing this argument about > security. It doesn't really matter whether you use Apache or Django, > it is possible to screw up in configuring either such that you could > expose more of the file system than you intended. > Perhaps we need a documentation change.
>From http://docs.djangoproject.com/en/dev/howto/static-files/ """ The big, fat disclaimer Using this method is inefficient and insecure. Do not use this in a production setting. Use this only for development. """ So it's true I was parroting the documentation, and that your rather more nuanced advice is probably more useful in the general case. regards Steve -- Steve Holden +1 571 484 6266 +1 800 494 3119 Holden Web LLC http://www.holdenweb.com/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
