Feature #10036
Check if Weblate has been audited already
100%
Description
Subtasks
History
#1 Updated by sajolida 2015-08-14 10:54:49
- Parent task set to Feature #10034
#2 Updated by Anonymous 2015-08-24 04:54:35
According to the upstream author:
“There has been no official security audit so far. The code has been written quite cautiously, but that still does not prevent possible vulnerabilities, especially when using many third party libraries (eg. most vulnerabilities in Django affect Weblate as well).”
#3 Updated by Anonymous 2015-08-24 05:00:01
We might want to add this: https://pypi.python.org/pypi/django-secure
And as noted here: https://docs.djangoproject.com/en/1.8/topics/security/ we might want to add a plugin which throttles requests to authenticate users to prevent brute force attacks.
#4 Updated by Anonymous 2015-08-24 05:18:00
- Assignee set to sajolida
- % Done changed from 0 to 10
- QA Check set to Ready for QA
https://www.owasp.org/index.php/SCG_WF_Django recommends https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/ and https://www.ponycheckup.com/ to test Django secure deployment
#5 Updated by sajolida 2015-08-25 09:53:26
- Assignee deleted (sajolida)
Why was this assigned to me? I probably created this ticket as part of the wrap-up of the notes from the summit but I have no personal interest in this audit :)
#6 Updated by Anonymous 2015-09-11 09:18:16
- Status changed from Confirmed to Resolved
Sorry sajolida!
So I’ll close this ticket, the answer is no :)
#7 Updated by intrigeri 2017-02-12 16:52:13
- % Done changed from 10 to 100
#8 Updated by intrigeri 2018-12-02 21:45:25
- QA Check deleted (Ready for QA)
#9 Updated by intrigeri 2019-06-27 17:16:27
- Assignee deleted ()