Feature #10036

Check if Weblate has been audited already

Added by sajolida 2015-08-14 10:54:41 . Updated 2019-06-27 17:16:26 .

Status: Resolved
Priority: Normal
Assignee:
Category: Infrastructure
Target version:
Start date: 2015-08-14
Due date:
% Done: 100%
Feature Branch:
Type of work: Research
Blueprint:
Starter:
Affected tool:
Deliverable for:

Description


Subtasks


History

#1 Updated by sajolida 2015-08-14 10:54:49

#2 Updated by Anonymous 2015-08-24 04:54:35

According to the upstream author:
“There has been no official security audit so far. The code has been written quite cautiously, but that still does not prevent possible vulnerabilities, especially when using many third party libraries (e.g. most vulnerabilities in Django affect Weblate as well).”

#3 Updated by Anonymous 2015-08-24 05:00:01

We might want to add this: https://pypi.python.org/pypi/django-secure

And as noted here: https://docs.djangoproject.com/en/1.8/topics/security/ we might want to add a plugin which throttles requests to authenticate users to prevent brute force attacks.

#4 Updated by Anonymous 2015-08-24 05:18:00

  • Assignee set to sajolida
  • % Done changed from 0 to 10
  • QA Check set to Ready for QA

https://www.owasp.org/index.php/SCG_WF_Django
recommends https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/
and https://www.ponycheckup.com/ to test Django secure deployment

#5 Updated by sajolida 2015-08-25 09:53:26

  • Assignee deleted (sajolida)

Why was this assigned to me? I probably created this ticket as part of the wrap-up of the notes from the summit but I have no personal interest in this audit :)

#6 Updated by Anonymous 2015-09-11 09:18:16

  • Status changed from Confirmed to Resolved

Sorry sajolida!

So I’ll close this ticket, the answer is no :)

#7 Updated by intrigeri 2017-02-12 16:52:13

  • % Done changed from 10 to 100

#8 Updated by intrigeri 2018-12-02 21:45:25

  • QA Check deleted (Ready for QA)

#9 Updated by intrigeri 2019-06-27 17:16:27

  • Assignee deleted ()