[{"data":1,"prerenderedAt":1858},["ShallowReactive",2],{"navigation":3,"/security":1016,"/security-surround":1853},[4,54,89,123,165,211,253,331,389,439,462,488,514,540,578,624,650,672,702,736,774,800,850,856,862,868,874,928],{"title":5,"path":6,"stem":7,"children":8},"Introduction and Foundations","/introduction-and-foundations","01.introduction-and-foundations/01.index",[9,10,14,18,22,26,30,34,38,42,46,50],{"title":5,"path":6,"stem":7},{"title":11,"path":12,"stem":13},"What is Django","/introduction-and-foundations/what-is-django","01.introduction-and-foundations/02.what-is-django",{"title":15,"path":16,"stem":17},"Key Concepts and Philosophy","/introduction-and-foundations/key-concepts-and-philosophy","01.introduction-and-foundations/03.key-concepts-and-philosophy",{"title":19,"path":20,"stem":21},"MVC vs MVT: Understanding Django's Architecture","/introduction-and-foundations/mvc-vs-mvt","01.introduction-and-foundations/04.mvc-vs-mvt",{"title":23,"path":24,"stem":25},"Project Structure Overview","/introduction-and-foundations/project-structure-overview","01.introduction-and-foundations/05.project-structure-overview",{"title":27,"path":28,"stem":29},"Installing Django","/introduction-and-foundations/installing-django","01.introduction-and-foundations/06.installing-django",{"title":31,"path":32,"stem":33},"Creating Your First Django Project","/introduction-and-foundations/creating-first-project","01.introduction-and-foundations/07.creating-first-project",{"title":35,"path":36,"stem":37},"Creating Your First Django App","/introduction-and-foundations/creating-first-app","01.introduction-and-foundations/08.creating-first-app",{"title":39,"path":40,"stem":41},"Your First Django \"Hello World\"","/introduction-and-foundations/hello-world","01.introduction-and-foundations/09.hello-world",{"title":43,"path":44,"stem":45},"Django Quick Start Guide","/introduction-and-foundations/quick-start-guide","01.introduction-and-foundations/10.quick-start-guide",{"title":47,"path":48,"stem":49},"How Django Handles Requests","/introduction-and-foundations/how-django-handles-requests","01.introduction-and-foundations/11.how-django-handles-requests",{"title":51,"path":52,"stem":53},"Django Settings","/introduction-and-foundations/django-settings","01.introduction-and-foundations/12.django-settings",{"title":55,"path":56,"stem":57,"children":58},"The Development Environment","/development-environment","02.development-environment/1.index",[59,61,65,69,73,77,81,85],{"title":60,"path":56,"stem":57},"Development Environment",{"title":62,"path":63,"stem":64},"Recommended Tooling for Django Development","/development-environment/recommended-tooling","02.development-environment/2.recommended-tooling",{"title":66,"path":67,"stem":68},"Virtual Environments","/development-environment/virtual-environments","02.development-environment/3.virtual-environments",{"title":70,"path":71,"stem":72},"Django Admin and Management Commands","/development-environment/admin-and-management-commands","02.development-environment/4.admin-and-management-commands",{"title":74,"path":75,"stem":76},"Django Project Settings","/development-environment/project-settings","02.development-environment/5.project-settings",{"title":78,"path":79,"stem":80},"Managing Django Environments: Local, Staging, and Production","/development-environment/environments-local-staging-production","02.development-environment/6.environments-local-staging-production",{"title":82,"path":83,"stem":84},"Running Django Development Server","/development-environment/running-development-server","02.development-environment/7.running-development-server",{"title":86,"path":87,"stem":88},"Working with Django Shell","/development-environment/working-with-shell","02.development-environment/8.working-with-shell",{"title":90,"path":91,"stem":92,"children":93},"Templates and Presentation Layer","/templates-and-presentation","03.templates-and-presentation/1.index",[94,95,99,103,107,111,115,119],{"title":90,"path":91,"stem":92},{"title":96,"path":97,"stem":98},"Introduction to Django Templates","/templates-and-presentation/introduction-to-templates","03.templates-and-presentation/2.introduction-to-templates",{"title":100,"path":101,"stem":102},"The Django Template Language","/templates-and-presentation/django-template-language","03.templates-and-presentation/3.django-template-language",{"title":104,"path":105,"stem":106},"Template Inheritance","/templates-and-presentation/template-inheritance","03.templates-and-presentation/4.template-inheritance",{"title":108,"path":109,"stem":110},"Built-in Template Tags and Filters","/templates-and-presentation/built-in-template-tags-and-filters","03.templates-and-presentation/5.built-in-template-tags-and-filters",{"title":112,"path":113,"stem":114},"Including Static Files","/templates-and-presentation/including-static-files","03.templates-and-presentation/6.including-static-files",{"title":116,"path":117,"stem":118},"Working with Media Files","/templates-and-presentation/working-with-media-files","03.templates-and-presentation/7.working-with-media-files",{"title":120,"path":121,"stem":122},"Using Alternative Template Engines","/templates-and-presentation/using-alternative-template-engines","03.templates-and-presentation/8.using-alternative-template-engines",{"title":124,"path":125,"stem":126,"children":127},"URLs and Views","/urls-and-views","04.urls-and-views/01.index",[128,129,133,137,141,145,149,153,157,161],{"title":124,"path":125,"stem":126},{"title":130,"path":131,"stem":132},"The URL Dispatcher","/urls-and-views/the-url-dispatcher","04.urls-and-views/02.the-url-dispatcher",{"title":134,"path":135,"stem":136},"Writing Function-Based Views","/urls-and-views/writing-function-based-views","04.urls-and-views/03.writing-function-based-views",{"title":138,"path":139,"stem":140},"View Decorators","/urls-and-views/view-decorators","04.urls-and-views/04.view-decorators",{"title":142,"path":143,"stem":144},"Rendering Responses","/urls-and-views/rendering-responses","04.urls-and-views/05.rendering-responses",{"title":146,"path":147,"stem":148},"Redirects","/urls-and-views/redirects","04.urls-and-views/06.redirects",{"title":150,"path":151,"stem":152},"Handling HTTP Methods","/urls-and-views/handling-http-methods","04.urls-and-views/07.handling-http-methods",{"title":154,"path":155,"stem":156},"Conditional View Processing","/urls-and-views/conditional-view-processing","04.urls-and-views/08.conditional-view-processing",{"title":158,"path":159,"stem":160},"File Uploads","/urls-and-views/file-uploads","04.urls-and-views/09.file-uploads",{"title":162,"path":163,"stem":164},"Using Django Shortcut Functions","/urls-and-views/using-django-shortcut-functions","04.urls-and-views/10.using-django-shortcut-functions",{"title":166,"path":167,"stem":168,"children":169},"Class Based Views","/class-based-views","05.class-based-views/01.index",[170,171,175,179,183,187,191,195,199,203,207],{"title":166,"path":167,"stem":168},{"title":172,"path":173,"stem":174},"Introduction to Class-Based Views","/class-based-views/introduction-to-class-based-views","05.class-based-views/02.introduction-to-class-based-views",{"title":176,"path":177,"stem":178},"Common Base Classes","/class-based-views/common-base-classes","05.class-based-views/03.common-base-classes",{"title":180,"path":181,"stem":182},"Built-in Generic Views","/class-based-views/built-in-generic-views","05.class-based-views/04.built-in-generic-views",{"title":184,"path":185,"stem":186},"Views for CRUD Operations","/class-based-views/views-for-crud-operations","05.class-based-views/05.views-for-crud-operations",{"title":188,"path":189,"stem":190},"Handling Forms with Class-Based Views","/class-based-views/handling-forms-with-class-based-views","05.class-based-views/06.handling-forms-with-class-based-views",{"title":192,"path":193,"stem":194},"Using Mixins","/class-based-views/using-mixins","05.class-based-views/07.using-mixins",{"title":196,"path":197,"stem":198},"URL Configuration with Class-Based Views","/class-based-views/url-configuration-with-class-based-views","05.class-based-views/08.url-configuration-with-class-based-views",{"title":200,"path":201,"stem":202},"Subclassing Generic Views","/class-based-views/subclassing-generic-views","05.class-based-views/09.subclassing-generic-views",{"title":204,"path":205,"stem":206},"Asynchronous Class-Based Views","/class-based-views/asynchronous-class-based-views","05.class-based-views/10.asynchronous-class-based-views",{"title":208,"path":209,"stem":210},"Pagination","/class-based-views/pagination","05.class-based-views/11.pagination",{"title":212,"path":213,"stem":214,"children":215},"Forms and User Input","/forms-and-user-input","06.forms-and-user-input/01.index",[216,217,221,225,229,233,237,241,245,249],{"title":212,"path":213,"stem":214},{"title":218,"path":219,"stem":220},"Understanding HTML Forms","/forms-and-user-input/understanding-html-forms","06.forms-and-user-input/02.understanding-html-forms",{"title":222,"path":223,"stem":224},"Django's Role in Form Handling","/forms-and-user-input/djangos-role-in-form-handling","06.forms-and-user-input/03.djangos-role-in-form-handling",{"title":226,"path":227,"stem":228},"Creating Forms with Forms API","/forms-and-user-input/creating-forms-with-forms-api","06.forms-and-user-input/04.creating-forms-with-forms-api",{"title":230,"path":231,"stem":232},"Form Validation","/forms-and-user-input/form-validation","06.forms-and-user-input/05.form-validation",{"title":234,"path":235,"stem":236},"Built-in Fields and Widgets","/forms-and-user-input/built-in-fields-and-widgets","06.forms-and-user-input/06.built-in-fields-and-widgets",{"title":238,"path":239,"stem":240},"Form Rendering in Templates","/forms-and-user-input/form-rendering-in-templates","06.forms-and-user-input/07.form-rendering-in-templates",{"title":242,"path":243,"stem":244},"Model Forms","/forms-and-user-input/model-forms","06.forms-and-user-input/08.model-forms",{"title":246,"path":247,"stem":248},"Advanced Form Techniques","/forms-and-user-input/advanced-form-techniques","06.forms-and-user-input/09.advanced-form-techniques",{"title":250,"path":251,"stem":252},"Security Considerations for Forms","/forms-and-user-input/security-considerations-for-forms","06.forms-and-user-input/10.security-considerations-for-forms",{"title":254,"path":255,"stem":256,"children":257},"Models and Databases","/models-and-databases","07.models-and-databases/01.index",[258,259,263,267,271,275,279,283,287,291,295,299,303,307,311,315,319,323,327],{"title":254,"path":255,"stem":256},{"title":260,"path":261,"stem":262},"Understanding Django Models","/models-and-databases/understanding-django-models","07.models-and-databases/02.understanding-django-models",{"title":264,"path":265,"stem":266},"Defining Fields","/models-and-databases/defining-fields","07.models-and-databases/03.defining-fields",{"title":268,"path":269,"stem":270},"Relationships and Foreign Keys","/models-and-databases/relationships-and-foreign-keys","07.models-and-databases/04.relationships-and-foreign-keys",{"title":272,"path":273,"stem":274},"Examples of Relationship Patterns","/models-and-databases/examples-of-relationship-patterns","07.models-and-databases/05.examples-of-relationship-patterns",{"title":276,"path":277,"stem":278},"Making Queries","/models-and-databases/making-queries","07.models-and-databases/06.making-queries",{"title":280,"path":281,"stem":282},"Filtering, Ordering, and Slicing","/models-and-databases/filtering-ordering-slicing","07.models-and-databases/07.filtering-ordering-slicing",{"title":284,"path":285,"stem":286},"Managers and QuerySets","/models-and-databases/managers-and-querysets","07.models-and-databases/08.managers-and-querysets",{"title":288,"path":289,"stem":290},"Aggregation","/models-and-databases/aggregation","07.models-and-databases/09.aggregation",{"title":292,"path":293,"stem":294},"Search","/models-and-databases/search","07.models-and-databases/10.search",{"title":296,"path":297,"stem":298},"Raw SQL Queries","/models-and-databases/raw-sql-queries","07.models-and-databases/11.raw-sql-queries",{"title":300,"path":301,"stem":302},"Transactions","/models-and-databases/transactions","07.models-and-databases/12.transactions",{"title":304,"path":305,"stem":306},"Multiple Databases","/models-and-databases/multiple-databases","07.models-and-databases/13.multiple-databases",{"title":308,"path":309,"stem":310},"Tablespaces","/models-and-databases/tablespaces","07.models-and-databases/14.tablespaces",{"title":312,"path":313,"stem":314},"Composite Primary Keys","/models-and-databases/composite-primary-keys","07.models-and-databases/15.composite-primary-keys",{"title":316,"path":317,"stem":318},"Database Instrumentation","/models-and-databases/database-instrumentation","07.models-and-databases/16.database-instrumentation",{"title":320,"path":321,"stem":322},"Database Optimization","/models-and-databases/database-optimization","07.models-and-databases/17.database-optimization",{"title":324,"path":325,"stem":326},"Fixtures","/models-and-databases/fixtures","07.models-and-databases/18.fixtures",{"title":328,"path":329,"stem":330},"Signals","/models-and-databases/signals","07.models-and-databases/19.signals",{"title":332,"path":333,"stem":334,"children":335},"Migrations","/migrations","08.migrations/01.index",[336,337,341,345,349,353,357,361,365,369,373,377,381,385],{"title":332,"path":333,"stem":334},{"title":338,"path":339,"stem":340},"How Migrations Work","/migrations/how-migrations-work","08.migrations/02.how-migrations-work",{"title":342,"path":343,"stem":344},"Management Commands","/migrations/management-commands","08.migrations/03.management-commands",{"title":346,"path":347,"stem":348},"Dependencies and Workflow","/migrations/dependencies-and-workflow","08.migrations/04.dependencies-and-workflow",{"title":350,"path":351,"stem":352},"Transaction Handling","/migrations/transaction-handling","08.migrations/05.transaction-handling",{"title":354,"path":355,"stem":356},"Adding Migrations to Apps","/migrations/adding-migrations-to-apps","08.migrations/06.adding-migrations-to-apps",{"title":358,"path":359,"stem":360},"Reversing Migrations","/migrations/reversing-migrations","08.migrations/07.reversing-migrations",{"title":362,"path":363,"stem":364},"Historical Models","/migrations/historical-models","08.migrations/08.historical-models",{"title":366,"path":367,"stem":368},"Considerations When Removing Fields","/migrations/considerations-when-removing-fields","08.migrations/09.considerations-when-removing-fields",{"title":370,"path":371,"stem":372},"Data Migrations","/migrations/data-migrations","08.migrations/10.data-migrations",{"title":374,"path":375,"stem":376},"Squashing Migrations","/migrations/squashing-migrations","08.migrations/11.squashing-migrations",{"title":378,"path":379,"stem":380},"Serializing Values","/migrations/serializing-values","08.migrations/12.serializing-values",{"title":382,"path":383,"stem":384},"Supporting Multiple Django Versions","/migrations/supporting-multiple-django-versions","08.migrations/13.supporting-multiple-django-versions",{"title":386,"path":387,"stem":388},"Django Serialization Framework","/migrations/django-serialization-framework","08.migrations/14.django-serialization-framework",{"title":390,"path":391,"stem":392,"children":393},"Authentication and Authorization","/authentication-and-authorization","09.authentication-and-authorization/01.index",[394,395,399,403,407,411,415,419,423,427,431,435],{"title":390,"path":391,"stem":392},{"title":396,"path":397,"stem":398},"Overview of Django's Authentication System","/authentication-and-authorization/overview-of-django-authentication-system","09.authentication-and-authorization/02.overview-of-django-authentication-system",{"title":400,"path":401,"stem":402},"Users and Groups","/authentication-and-authorization/users-and-groups","09.authentication-and-authorization/03.users-and-groups",{"title":404,"path":405,"stem":406},"Permissions","/authentication-and-authorization/permissions","09.authentication-and-authorization/04.permissions",{"title":408,"path":409,"stem":410},"Password Management","/authentication-and-authorization/password-management","09.authentication-and-authorization/05.password-management",{"title":412,"path":413,"stem":414},"Authentication Views","/authentication-and-authorization/authentication-views","09.authentication-and-authorization/06.authentication-views",{"title":416,"path":417,"stem":418},"Login and Logout","/authentication-and-authorization/login-and-logout","09.authentication-and-authorization/07.login-and-logout",{"title":420,"path":421,"stem":422},"Custom User Models","/authentication-and-authorization/custom-user-models","09.authentication-and-authorization/08.custom-user-models",{"title":424,"path":425,"stem":426},"Middleware for Authentication","/authentication-and-authorization/middleware-for-authentication","09.authentication-and-authorization/09.middleware-for-authentication",{"title":428,"path":429,"stem":430},"Authorization in Views and Templates","/authentication-and-authorization/authorization-in-views-and-templates","09.authentication-and-authorization/10.authorization-in-views-and-templates",{"title":432,"path":433,"stem":434},"Integrating Social Authentication","/authentication-and-authorization/integrating-social-authentication","09.authentication-and-authorization/11.integrating-social-authentication",{"title":436,"path":437,"stem":438},"Security Best Practices","/authentication-and-authorization/security-best-practices","09.authentication-and-authorization/12.security-best-practices",{"title":440,"path":441,"stem":442,"children":443},"Sessions, Cookies, and State","/sessions-cookies-state","10.sessions-cookies-state/01.index",[444,446,450,454,458],{"title":445,"path":441,"stem":442},"Sessions, Cookies, and State Management",{"title":447,"path":448,"stem":449},"Introduction to Sessions","/sessions-cookies-state/introduction-to-sessions","10.sessions-cookies-state/02.introduction-to-sessions",{"title":451,"path":452,"stem":453},"Working with Cookies","/sessions-cookies-state/working-with-cookies","10.sessions-cookies-state/03.working-with-cookies",{"title":455,"path":456,"stem":457},"Server-Side Session Storage Options","/sessions-cookies-state/server-side-session-storage-options","10.sessions-cookies-state/04.server-side-session-storage-options",{"title":459,"path":460,"stem":461},"Session Security","/sessions-cookies-state/session-security","10.sessions-cookies-state/05.session-security",{"title":463,"path":464,"stem":465,"children":466},"Working with Files","/working-with-files","11.working-with-files/01.index",[467,468,472,476,480,484],{"title":463,"path":464,"stem":465},{"title":469,"path":470,"stem":471},"Files in Models","/working-with-files/files-in-models","11.working-with-files/02.files-in-models",{"title":473,"path":474,"stem":475},"The File Object","/working-with-files/the-file-object","11.working-with-files/03.the-file-object",{"title":477,"path":478,"stem":479},"Storage Backends","/working-with-files/storage-backends","11.working-with-files/04.storage-backends",{"title":481,"path":482,"stem":483},"Using Cloud Storage Providers","/working-with-files/using-cloud-storage-providers","11.working-with-files/05.using-cloud-storage-providers",{"title":485,"path":486,"stem":487},"Managing Media in Production","/working-with-files/managing-media-in-production","11.working-with-files/06.managing-media-in-production",{"title":489,"path":490,"stem":491,"children":492},"Admin Site","/admin-site","12.admin-site/01.index",[493,494,498,502,506,510],{"title":489,"path":490,"stem":491},{"title":495,"path":496,"stem":497},"Enabling the Admin","/admin-site/enabling-the-admin","12.admin-site/02.enabling-the-admin",{"title":499,"path":500,"stem":501},"Registering Models","/admin-site/registering-models","12.admin-site/03.registering-models",{"title":503,"path":504,"stem":505},"Customizing Admin Display","/admin-site/customizing-admin-display","12.admin-site/04.customizing-admin-display",{"title":507,"path":508,"stem":509},"Admin Actions","/admin-site/admin-actions","12.admin-site/05.admin-actions",{"title":511,"path":512,"stem":513},"Admin Security Best Practices","/admin-site/admin-security-best-practices","12.admin-site/06.admin-security-best-practices",{"title":515,"path":516,"stem":517,"children":518},"Middleware","/middleware","13.middleware/01.index",[519,520,524,528,532,536],{"title":515,"path":516,"stem":517},{"title":521,"path":522,"stem":523},"Middleware Overview","/middleware/middleware-overview","13.middleware/02.middleware-overview",{"title":525,"path":526,"stem":527},"Built-in Middleware","/middleware/built-in-middleware","13.middleware/03.built-in-middleware",{"title":529,"path":530,"stem":531},"Creating Custom Middleware","/middleware/creating-custom-middleware","13.middleware/04.creating-custom-middleware",{"title":533,"path":534,"stem":535},"Middleware Ordering","/middleware/middleware-ordering","13.middleware/05.middleware-ordering",{"title":537,"path":538,"stem":539},"Performance and Debugging","/middleware/performance-and-debugging","13.middleware/06.performance-and-debugging",{"title":541,"path":542,"stem":543,"children":544},"Security","/security","14.security/01.index",[545,546,550,554,558,562,566,570,574],{"title":541,"path":542,"stem":543},{"title":547,"path":548,"stem":549},"Django Security Philosophy","/security/django-security-philosophy","14.security/02.django-security-philosophy",{"title":551,"path":552,"stem":553},"Cross Site Request Forgery","/security/cross-site-request-forgery","14.security/03.cross-site-request-forgery",{"title":555,"path":556,"stem":557},"Cross Site Scripting","/security/cross-site-scripting","14.security/04.cross-site-scripting",{"title":559,"path":560,"stem":561},"SQL Injection Protection","/security/sql-injection-protection","14.security/05.sql-injection-protection",{"title":563,"path":564,"stem":565},"Clickjacking Protection","/security/clickjacking-protection","14.security/06.clickjacking-protection",{"title":567,"path":568,"stem":569},"HTTPS Setup and HSTS","/security/https-setup-and-hsts","14.security/07.https-setup-and-hsts",{"title":571,"path":572,"stem":573},"Password Storage and Cryptography","/security/password-storage-and-cryptography","14.security/08.password-storage-and-cryptography",{"title":575,"path":576,"stem":577},"Secure Deployment Checklist","/security/secure-deployment-checklist","14.security/09.secure-deployment-checklist",{"title":579,"path":580,"stem":581,"children":582},"Testing","/testing","15.testing/01.index",[583,584,588,592,596,600,604,608,612,616,620],{"title":579,"path":580,"stem":581},{"title":585,"path":586,"stem":587},"Introduction to Django Testing","/testing/introduction-to-django-testing","15.testing/02.introduction-to-django-testing",{"title":589,"path":590,"stem":591},"Writing and Running Tests","/testing/writing-and-running-tests","15.testing/03.writing-and-running-tests",{"title":593,"path":594,"stem":595},"Test Tools","/testing/test-tools","15.testing/04.test-tools",{"title":597,"path":598,"stem":599},"Testing Models","/testing/testing-models","15.testing/05.testing-models",{"title":601,"path":602,"stem":603},"Testing Views","/testing/testing-views","15.testing/06.testing-views",{"title":605,"path":606,"stem":607},"Testing Forms","/testing/testing-forms","15.testing/07.testing-forms",{"title":609,"path":610,"stem":611},"Testing Templates","/testing/testing-templates","15.testing/08.testing-templates",{"title":613,"path":614,"stem":615},"Testing Authentication","/testing/testing-authentication","15.testing/09.testing-authentication",{"title":617,"path":618,"stem":619},"Advanced Testing Topics","/testing/advanced-testing-topics","15.testing/10.advanced-testing-topics",{"title":621,"path":622,"stem":623},"Performance Testing","/testing/performance-testing","15.testing/11.performance-testing",{"title":625,"path":626,"stem":627,"children":628},"Static Assets and Frontend Integration","/static-assets-and-frontend-integration","16.static-assets-and-frontend-integration/01.index",[629,630,634,638,642,646],{"title":625,"path":626,"stem":627},{"title":631,"path":632,"stem":633},"Working with Static Files","/static-assets-and-frontend-integration/working-with-static-files","16.static-assets-and-frontend-integration/02.working-with-static-files",{"title":635,"path":636,"stem":637},"Integrating CSS and JavaScript","/static-assets-and-frontend-integration/integrating-css-and-javascript","16.static-assets-and-frontend-integration/03.integrating-css-and-javascript",{"title":639,"path":640,"stem":641},"Using Build Tools like Vite or Webpack","/static-assets-and-frontend-integration/using-build-tools-like-vite-or-webpack","16.static-assets-and-frontend-integration/04.using-build-tools-like-vite-or-webpack",{"title":643,"path":644,"stem":645},"Using React or Vue with Django","/static-assets-and-frontend-integration/using-react-or-vue-with-django","16.static-assets-and-frontend-integration/05.using-react-or-vue-with-django",{"title":647,"path":648,"stem":649},"Managing CORS","/static-assets-and-frontend-integration/managing-cors","16.static-assets-and-frontend-integration/06.managing-cors",{"title":651,"path":652,"stem":653,"children":654},"Internationalization and Localization","/internationalization-and-localization","17.internationalization-and-localization/01.index",[655,656,660,664,668],{"title":651,"path":652,"stem":653},{"title":657,"path":658,"stem":659},"Enabling Translation","/internationalization-and-localization/enabling-translation","17.internationalization-and-localization/02.enabling-translation",{"title":661,"path":662,"stem":663},"Translating Text in Code and Templates","/internationalization-and-localization/translating-text-in-code-and-templates","17.internationalization-and-localization/03.translating-text-in-code-and-templates",{"title":665,"path":666,"stem":667},"Timezone Support","/internationalization-and-localization/timezone-support","17.internationalization-and-localization/04.timezone-support",{"title":669,"path":670,"stem":671},"Locale Middleware","/internationalization-and-localization/locale-middleware","17.internationalization-and-localization/05.locale-middleware",{"title":673,"path":674,"stem":675,"children":676},"Caching","/caching","18.caching/01.index",[677,678,682,686,690,694,698],{"title":673,"path":674,"stem":675},{"title":679,"path":680,"stem":681},"Introduction to Caching","/caching/introduction-to-caching","18.caching/02.introduction-to-caching",{"title":683,"path":684,"stem":685},"Cache Backends","/caching/cache-backends","18.caching/03.cache-backends",{"title":687,"path":688,"stem":689},"Per View Caching","/caching/per-view-caching","18.caching/04.per-view-caching",{"title":691,"path":692,"stem":693},"Low Level Cache API","/caching/low-level-cache-api","18.caching/05.low-level-cache-api",{"title":695,"path":696,"stem":697},"Template Fragment Caching","/caching/template-fragment-caching","18.caching/06.template-fragment-caching",{"title":699,"path":700,"stem":701},"Deployment Level Caching Patterns","/caching/deployment-level-caching-patterns","18.caching/07.deployment-level-caching-patterns",{"title":703,"path":704,"stem":705,"children":706},"Asynchronous Django","/asynchronous-django","19.asynchronous-django/01.index",[707,708,712,716,720,724,728,732],{"title":703,"path":704,"stem":705},{"title":709,"path":710,"stem":711},"Introduction to ASGI","/asynchronous-django/introduction-to-asgi","19.asynchronous-django/02.introduction-to-asgi",{"title":713,"path":714,"stem":715},"Async Views","/asynchronous-django/async-views","19.asynchronous-django/03.async-views",{"title":717,"path":718,"stem":719},"Async ORM Status","/asynchronous-django/async-orm-status","19.asynchronous-django/04.async-orm-status",{"title":721,"path":722,"stem":723},"WebSockets with Channels","/asynchronous-django/websockets-with-channels","19.asynchronous-django/05.websockets-with-channels",{"title":725,"path":726,"stem":727},"Background Tasks with Celery or RQ","/asynchronous-django/background-tasks-with-celery-or-rq","19.asynchronous-django/06.background-tasks-with-celery-or-rq",{"title":729,"path":730,"stem":731},"Asynchronous Support","/asynchronous-django/asynchronous-support","19.asynchronous-django/07.asynchronous-support",{"title":733,"path":734,"stem":735},"Django's Tasks Framework","/asynchronous-django/django-tasks-framework","19.asynchronous-django/08.django-tasks-framework",{"title":737,"path":738,"stem":739,"children":740},"Deployment","/deployment","20.deployment/01.index",[741,742,746,750,754,758,762,766,770],{"title":737,"path":738,"stem":739},{"title":743,"path":744,"stem":745},"Preparing for Production","/deployment/preparing-for-production","20.deployment/02.preparing-for-production",{"title":747,"path":748,"stem":749},"Using WSGI and ASGI Servers","/deployment/using-wsgi-and-asgi-servers","20.deployment/03.using-wsgi-and-asgi-servers",{"title":751,"path":752,"stem":753},"Deploying on Linux Servers","/deployment/deploying-on-linux-servers","20.deployment/04.deploying-on-linux-servers",{"title":755,"path":756,"stem":757},"Using Docker","/deployment/using-docker","20.deployment/05.using-docker",{"title":759,"path":760,"stem":761},"Cloud Deployment Guides","/deployment/cloud-deployment-guides","20.deployment/06.cloud-deployment-guides",{"title":763,"path":764,"stem":765},"Scaling and Load Balancing","/deployment/scaling-and-load-balancing","20.deployment/07.scaling-and-load-balancing",{"title":767,"path":768,"stem":769},"Monitoring and Logging","/deployment/monitoring-and-logging","20.deployment/08.monitoring-and-logging",{"title":771,"path":772,"stem":773},"Backup Strategies","/deployment/backup-strategies","20.deployment/09.backup-strategies",{"title":775,"path":776,"stem":777,"children":778},"Performance and Optimization","/performance-and-optimization","21.performance-and-optimization/01.index",[779,780,784,788,792,796],{"title":775,"path":776,"stem":777},{"title":781,"path":782,"stem":783},"Query Optimization","/performance-and-optimization/query-optimization","21.performance-and-optimization/02.query-optimization",{"title":785,"path":786,"stem":787},"Template Rendering Optimization","/performance-and-optimization/template-rendering-optimization","21.performance-and-optimization/03.template-rendering-optimization",{"title":789,"path":790,"stem":791},"Using Select Related and Prefetch Related","/performance-and-optimization/using-select-related-and-prefetch-related","21.performance-and-optimization/04.using-select-related-and-prefetch-related",{"title":793,"path":794,"stem":795},"Caching Strategies","/performance-and-optimization/caching-strategies","21.performance-and-optimization/05.caching-strategies",{"title":797,"path":798,"stem":799},"Profiling Django Apps","/performance-and-optimization/profiling-django-apps","21.performance-and-optimization/06.profiling-django-apps",{"title":801,"path":802,"stem":803,"children":804},"Advanced and Expert Topics","/advanced-and-expert-topics","22.advanced-and-expert-topics/01.index",[805,806,810,814,818,822,826,830,834,838,842,846],{"title":801,"path":802,"stem":803},{"title":807,"path":808,"stem":809},"System Architecture Patterns","/advanced-and-expert-topics/system-architecture-patterns","22.advanced-and-expert-topics/02.system-architecture-patterns",{"title":811,"path":812,"stem":813},"Domain Driven Design with Django","/advanced-and-expert-topics/domain-driven-design-with-django","22.advanced-and-expert-topics/03.domain-driven-design-with-django",{"title":815,"path":816,"stem":817},"Building Large Scale Django Projects","/advanced-and-expert-topics/building-large-scale-django-projects","22.advanced-and-expert-topics/04.building-large-scale-django-projects",{"title":819,"path":820,"stem":821},"Plugin Architectures for Django Apps","/advanced-and-expert-topics/plugin-architectures-for-django-apps","22.advanced-and-expert-topics/05.plugin-architectures-for-django-apps",{"title":823,"path":824,"stem":825},"Extending Django's Core","/advanced-and-expert-topics/extending-djangos-core","22.advanced-and-expert-topics/06.extending-djangos-core",{"title":827,"path":828,"stem":829},"Custom ORM Expressions","/advanced-and-expert-topics/custom-orm-expressions","22.advanced-and-expert-topics/07.custom-orm-expressions",{"title":831,"path":832,"stem":833},"Custom Management Commands","/advanced-and-expert-topics/custom-management-commands","22.advanced-and-expert-topics/08.custom-management-commands",{"title":835,"path":836,"stem":837},"Working with Signals","/advanced-and-expert-topics/working-with-signals","22.advanced-and-expert-topics/09.working-with-signals",{"title":839,"path":840,"stem":841},"Building Reusable Django Packages","/advanced-and-expert-topics/building-reusable-django-packages","22.advanced-and-expert-topics/10.building-reusable-django-packages",{"title":843,"path":844,"stem":845},"Integrating Microservices","/advanced-and-expert-topics/integrating-microservices","22.advanced-and-expert-topics/11.integrating-microservices",{"title":847,"path":848,"stem":849},"Advanced Security Hardening","/advanced-and-expert-topics/advanced-security-hardening","22.advanced-and-expert-topics/12.advanced-security-hardening",{"title":851,"path":852,"stem":853,"children":854},"Logging in Django","/logging-in-django","23.logging-in-django/01.index",[855],{"title":851,"path":852,"stem":853},{"title":857,"path":858,"stem":859,"children":860},"FAQ and Troubleshooting","/faq-and-troubleshooting","24.faq-and-troubleshooting/01.index",[861],{"title":857,"path":858,"stem":859},{"title":863,"path":864,"stem":865,"children":866},"External Packages and Ecosystem","/external-packages-and-ecosystem","25.external-packages-and-ecosystem/01.index",[867],{"title":863,"path":864,"stem":865},{"title":869,"path":870,"stem":871,"children":872},"Django Internals and Contributing","/django-internals-and-contributing","26.django-internals-and-contributing/01.index",[873],{"title":869,"path":870,"stem":871},{"title":875,"path":876,"stem":877,"children":878},"Microservices with Django","/microservices-with-django","27.microservices-with-django/01.index",[879,880,884,888,892,896,900,904,908,912,916,920,924],{"title":875,"path":876,"stem":877},{"title":881,"path":882,"stem":883},"What Is a Microservice?","/microservices-with-django/what-is-a-microservice","27.microservices-with-django/02.what-is-a-microservice",{"title":885,"path":886,"stem":887},"Introducing the Django Microservices Architecture","/microservices-with-django/django-microservices-architecture","27.microservices-with-django/03.django-microservices-architecture",{"title":889,"path":890,"stem":891},"Setting Up the Development and Runtime Environment","/microservices-with-django/development-environment","27.microservices-with-django/04.development-environment",{"title":893,"path":894,"stem":895},"Cloud-native Data Processing with MongoDB","/microservices-with-django/cloud-native-data-processing","27.microservices-with-django/05.cloud-native-data-processing",{"title":897,"path":898,"stem":899},"Creating RESTful APIs for Microservices","/microservices-with-django/restful-apis","27.microservices-with-django/06.restful-apis",{"title":901,"path":902,"stem":903},"Orchestrating Microservices with Celery and RabbitMQ","/microservices-with-django/orchestrating-celery-rabbitmq","27.microservices-with-django/07.orchestrating-celery-rabbitmq",{"title":905,"path":906,"stem":907},"Testing Microservices","/microservices-with-django/testing-microservices","27.microservices-with-django/08.testing-microservices",{"title":909,"path":910,"stem":911},"Deploying Microservices","/microservices-with-django/deploying-microservices","27.microservices-with-django/09.deploying-microservices",{"title":913,"path":914,"stem":915},"Securing Microservices","/microservices-with-django/securing-microservices","27.microservices-with-django/10.securing-microservices",{"title":917,"path":918,"stem":919},"Improving Microservices Performance with Caching","/microservices-with-django/performance-caching","27.microservices-with-django/11.performance-caching",{"title":921,"path":922,"stem":923},"Best Practices","/microservices-with-django/best-practices","27.microservices-with-django/12.best-practices",{"title":925,"path":926,"stem":927},"Transforming a Monolithic Web App into a Microservice version","/microservices-with-django/monolith-to-microservices","27.microservices-with-django/13.monolith-to-microservices",{"title":929,"path":930,"stem":931,"children":932},"Releases","/releases","releases",[933,936,940,944,948,952,956,960,964,968,972,976,980,984,988,992,996,1000,1004,1008,1012],{"title":934,"path":930,"stem":935},"Django Releases","releases/index",{"title":937,"path":938,"stem":939},"Django 5.1.10 release notes","/releases/5.1.10","releases/5.1.10",{"title":941,"path":942,"stem":943},"Django 5.1.11 release notes","/releases/5.1.11","releases/5.1.11",{"title":945,"path":946,"stem":947},"Django 5.1.12 release notes","/releases/5.1.12","releases/5.1.12",{"title":949,"path":950,"stem":951},"Django 5.1.13 release notes","/releases/5.1.13","releases/5.1.13",{"title":953,"path":954,"stem":955},"Django 5.1.14 release notes","/releases/5.1.14","releases/5.1.14",{"title":957,"path":958,"stem":959},"Django 5.1.15 release notes","/releases/5.1.15","releases/5.1.15",{"title":961,"path":962,"stem":963},"Django 5.2 release notes","/releases/5.2","releases/5.2",{"title":965,"path":966,"stem":967},"Django 5.2.1 release notes","/releases/5.2.1","releases/5.2.1",{"title":969,"path":970,"stem":971},"Django 5.2.10 release notes","/releases/5.2.10","releases/5.2.10",{"title":973,"path":974,"stem":975},"Django 5.2.2 release notes","/releases/5.2.2","releases/5.2.2",{"title":977,"path":978,"stem":979},"Django 5.2.3 release notes","/releases/5.2.3","releases/5.2.3",{"title":981,"path":982,"stem":983},"Django 5.2.4 release notes","/releases/5.2.4","releases/5.2.4",{"title":985,"path":986,"stem":987},"Django 5.2.5 release notes","/releases/5.2.5","releases/5.2.5",{"title":989,"path":990,"stem":991},"Django 5.2.6 release notes","/releases/5.2.6","releases/5.2.6",{"title":993,"path":994,"stem":995},"Django 5.2.7 release notes","/releases/5.2.7","releases/5.2.7",{"title":997,"path":998,"stem":999},"Django 5.2.8 release notes","/releases/5.2.8","releases/5.2.8",{"title":1001,"path":1002,"stem":1003},"Django 5.2.9 release notes","/releases/5.2.9","releases/5.2.9",{"title":1005,"path":1006,"stem":1007},"Django 6.0 release notes","/releases/6.0","releases/6.0",{"title":1009,"path":1010,"stem":1011},"Django 6.0.1 release notes","/releases/6.0.1","releases/6.0.1",{"title":1013,"path":1014,"stem":1015},"Django 6.1 release notes - UNDER DEVELOPMENT","/releases/6.1","releases/6.1",{"id":1017,"title":541,"body":1018,"description":1028,"extension":1848,"links":1849,"meta":1850,"navigation":1735,"path":542,"seo":1851,"stem":543,"__hash__":1852},"docs/14.security/01.index.md",{"type":1019,"value":1020,"toc":1807},"minimark",[1021,1025,1029,1034,1037,1082,1086,1091,1094,1132,1136,1139,1202,1206,1210,1213,1250,1254,1257,1289,1293,1297,1300,1338,1342,1345,1371,1375,1378,1404,1408,1412,1438,1442,1468,1472,1498,1502,1528,1532,1536,1550,1554,1568,1572,1586,1590,1594,1620,1624,1650,1654,1680,1684,1688,1720,1724,1780,1784,1787,1804],[1022,1023,541],"h1",{"id":1024},"security",[1026,1027,1028],"p",{},"Security is a fundamental aspect of web application development, and Django provides robust built-in protections against common web vulnerabilities. This comprehensive guide covers Django's security features and best practices for building secure applications.",[1030,1031,1033],"h2",{"id":1032},"what-youll-learn","What You'll Learn",[1026,1035,1036],{},"In this part, you'll master Django's security framework:",[1038,1039,1040,1047,1052,1057,1062,1067,1072,1077],"ul",{},[1041,1042,1043,1046],"li",{},[1044,1045,547],"strong",{}," - Understand Django's approach to security and secure-by-default principles",[1041,1048,1049,1051],{},[1044,1050,551],{}," - Protect against CSRF attacks with Django's built-in mechanisms",[1041,1053,1054,1056],{},[1044,1055,555],{}," - Prevent XSS vulnerabilities through proper output escaping and validation",[1041,1058,1059,1061],{},[1044,1060,559],{}," - Leverage Django's ORM to prevent SQL injection attacks",[1041,1063,1064,1066],{},[1044,1065,563],{}," - Implement frame options and CSP to prevent clickjacking",[1041,1068,1069,1071],{},[1044,1070,567],{}," - Configure secure connections and HTTP Strict Transport Security",[1041,1073,1074,1076],{},[1044,1075,571],{}," - Implement secure password handling and encryption",[1041,1078,1079,1081],{},[1044,1080,575],{}," - Follow comprehensive security guidelines for production",[1030,1083,1085],{"id":1084},"security-landscape","Security Landscape",[1087,1088,1090],"h3",{"id":1089},"common-web-vulnerabilities","Common Web Vulnerabilities",[1026,1092,1093],{},"Modern web applications face numerous security threats:",[1038,1095,1096,1102,1108,1114,1120,1126],{},[1041,1097,1098,1101],{},[1044,1099,1100],{},"Injection Attacks"," - SQL injection, command injection, LDAP injection",[1041,1103,1104,1107],{},[1044,1105,1106],{},"Cross-Site Scripting (XSS)"," - Reflected, stored, and DOM-based XSS",[1041,1109,1110,1113],{},[1044,1111,1112],{},"Cross-Site Request Forgery (CSRF)"," - Unauthorized actions on behalf of users",[1041,1115,1116,1119],{},[1044,1117,1118],{},"Clickjacking"," - UI redress attacks through iframe embedding",[1041,1121,1122,1125],{},[1044,1123,1124],{},"Session Management"," - Session hijacking and fixation attacks",[1041,1127,1128,1131],{},[1044,1129,1130],{},"Authentication Bypass"," - Weak authentication and authorization flaws",[1087,1133,1135],{"id":1134},"owasp-top-10","OWASP Top 10",[1026,1137,1138],{},"Django addresses the OWASP Top 10 security risks:",[1140,1141,1142,1148,1154,1160,1166,1172,1178,1184,1190,1196],"ol",{},[1041,1143,1144,1147],{},[1044,1145,1146],{},"Injection"," - Protected by ORM and parameterized queries",[1041,1149,1150,1153],{},[1044,1151,1152],{},"Broken Authentication"," - Secure session management and password handling",[1041,1155,1156,1159],{},[1044,1157,1158],{},"Sensitive Data Exposure"," - HTTPS enforcement and secure headers",[1041,1161,1162,1165],{},[1044,1163,1164],{},"XML External Entities (XXE)"," - Safe XML processing practices",[1041,1167,1168,1171],{},[1044,1169,1170],{},"Broken Access Control"," - Permission system and decorators",[1041,1173,1174,1177],{},[1044,1175,1176],{},"Security Misconfiguration"," - Secure defaults and deployment guides",[1041,1179,1180,1183],{},[1044,1181,1182],{},"Cross-Site Scripting"," - Template auto-escaping and validation",[1041,1185,1186,1189],{},[1044,1187,1188],{},"Insecure Deserialization"," - Safe serialization practices",[1041,1191,1192,1195],{},[1044,1193,1194],{},"Known Vulnerabilities"," - Regular security updates",[1041,1197,1198,1201],{},[1044,1199,1200],{},"Insufficient Logging"," - Comprehensive audit trails",[1030,1203,1205],{"id":1204},"djangos-security-features","Django's Security Features",[1087,1207,1209],{"id":1208},"built-in-protections","Built-in Protections",[1026,1211,1212],{},"Django provides security features out of the box:",[1038,1214,1215,1221,1227,1233,1238,1244],{},[1041,1216,1217,1220],{},[1044,1218,1219],{},"CSRF Protection"," - Automatic token validation for state-changing requests",[1041,1222,1223,1226],{},[1044,1224,1225],{},"XSS Prevention"," - Template auto-escaping and safe string handling",[1041,1228,1229,1232],{},[1044,1230,1231],{},"SQL Injection Prevention"," - ORM with parameterized queries",[1041,1234,1235,1237],{},[1044,1236,563],{}," - X-Frame-Options and CSP headers",[1041,1239,1240,1243],{},[1044,1241,1242],{},"Secure Session Management"," - Cryptographically signed sessions",[1041,1245,1246,1249],{},[1044,1247,1248],{},"Password Security"," - Strong hashing algorithms and validation",[1087,1251,1253],{"id":1252},"security-middleware","Security Middleware",[1026,1255,1256],{},"Django's security middleware provides additional protections:",[1038,1258,1259,1265,1271,1277,1283],{},[1041,1260,1261,1264],{},[1044,1262,1263],{},"SecurityMiddleware"," - HTTPS redirects and security headers",[1041,1266,1267,1270],{},[1044,1268,1269],{},"SessionMiddleware"," - Secure session cookie handling",[1041,1272,1273,1276],{},[1044,1274,1275],{},"CsrfViewMiddleware"," - CSRF token validation",[1041,1278,1279,1282],{},[1044,1280,1281],{},"XFrameOptionsMiddleware"," - Clickjacking prevention",[1041,1284,1285,1288],{},[1044,1286,1287],{},"AuthenticationMiddleware"," - User authentication context",[1030,1290,1292],{"id":1291},"security-principles","Security Principles",[1087,1294,1296],{"id":1295},"defense-in-depth","Defense in Depth",[1026,1298,1299],{},"Implement multiple layers of security:",[1038,1301,1302,1308,1314,1320,1326,1332],{},[1041,1303,1304,1307],{},[1044,1305,1306],{},"Input Validation"," - Validate all user inputs at multiple levels",[1041,1309,1310,1313],{},[1044,1311,1312],{},"Output Encoding"," - Properly encode output for different contexts",[1041,1315,1316,1319],{},[1044,1317,1318],{},"Authentication"," - Strong user authentication mechanisms",[1041,1321,1322,1325],{},[1044,1323,1324],{},"Authorization"," - Granular permission controls",[1041,1327,1328,1331],{},[1044,1329,1330],{},"Encryption"," - Protect data in transit and at rest",[1041,1333,1334,1337],{},[1044,1335,1336],{},"Monitoring"," - Comprehensive logging and alerting",[1087,1339,1341],{"id":1340},"secure-by-default","Secure by Default",[1026,1343,1344],{},"Django follows secure-by-default principles:",[1038,1346,1347,1353,1359,1365],{},[1041,1348,1349,1352],{},[1044,1350,1351],{},"Safe Defaults"," - Secure configuration options by default",[1041,1354,1355,1358],{},[1044,1356,1357],{},"Explicit Opt-out"," - Security features enabled unless explicitly disabled",[1041,1360,1361,1364],{},[1044,1362,1363],{},"Clear Documentation"," - Security implications clearly documented",[1041,1366,1367,1370],{},[1044,1368,1369],{},"Regular Updates"," - Timely security patches and updates",[1087,1372,1374],{"id":1373},"principle-of-least-privilege","Principle of Least Privilege",[1026,1376,1377],{},"Grant minimal necessary permissions:",[1038,1379,1380,1386,1392,1398],{},[1041,1381,1382,1385],{},[1044,1383,1384],{},"User Permissions"," - Role-based access control",[1041,1387,1388,1391],{},[1044,1389,1390],{},"Database Access"," - Limited database user privileges",[1041,1393,1394,1397],{},[1044,1395,1396],{},"File System"," - Restricted file access permissions",[1041,1399,1400,1403],{},[1044,1401,1402],{},"Network Access"," - Minimal network exposure",[1030,1405,1407],{"id":1406},"security-development-lifecycle","Security Development Lifecycle",[1087,1409,1411],{"id":1410},"planning-phase","Planning Phase",[1038,1413,1414,1420,1426,1432],{},[1041,1415,1416,1419],{},[1044,1417,1418],{},"Threat Modeling"," - Identify potential security threats",[1041,1421,1422,1425],{},[1044,1423,1424],{},"Security Requirements"," - Define security objectives and constraints",[1041,1427,1428,1431],{},[1044,1429,1430],{},"Risk Assessment"," - Evaluate and prioritize security risks",[1041,1433,1434,1437],{},[1044,1435,1436],{},"Compliance Requirements"," - Address regulatory and legal requirements",[1087,1439,1441],{"id":1440},"development-phase","Development Phase",[1038,1443,1444,1450,1456,1462],{},[1041,1445,1446,1449],{},[1044,1447,1448],{},"Secure Coding"," - Follow secure coding practices",[1041,1451,1452,1455],{},[1044,1453,1454],{},"Code Review"," - Security-focused code reviews",[1041,1457,1458,1461],{},[1044,1459,1460],{},"Static Analysis"," - Automated security scanning tools",[1041,1463,1464,1467],{},[1044,1465,1466],{},"Dependency Management"," - Monitor third-party dependencies",[1087,1469,1471],{"id":1470},"testing-phase","Testing Phase",[1038,1473,1474,1480,1486,1492],{},[1041,1475,1476,1479],{},[1044,1477,1478],{},"Security Testing"," - Penetration testing and vulnerability assessment",[1041,1481,1482,1485],{},[1044,1483,1484],{},"Authentication Testing"," - Verify authentication mechanisms",[1041,1487,1488,1491],{},[1044,1489,1490],{},"Authorization Testing"," - Test access controls",[1041,1493,1494,1497],{},[1044,1495,1496],{},"Input Validation Testing"," - Verify input sanitization",[1087,1499,1501],{"id":1500},"deployment-phase","Deployment Phase",[1038,1503,1504,1510,1516,1522],{},[1041,1505,1506,1509],{},[1044,1507,1508],{},"Secure Configuration"," - Production security settings",[1041,1511,1512,1515],{},[1044,1513,1514],{},"Infrastructure Security"," - Secure server and network configuration",[1041,1517,1518,1521],{},[1044,1519,1520],{},"Monitoring Setup"," - Security monitoring and alerting",[1041,1523,1524,1527],{},[1044,1525,1526],{},"Incident Response"," - Security incident response procedures",[1030,1529,1531],{"id":1530},"common-security-mistakes","Common Security Mistakes",[1087,1533,1535],{"id":1534},"configuration-issues","Configuration Issues",[1038,1537,1538,1541,1544,1547],{},[1041,1539,1540],{},"Using DEBUG=True in production",[1041,1542,1543],{},"Weak SECRET_KEY values",[1041,1545,1546],{},"Insecure database configurations",[1041,1548,1549],{},"Missing security headers",[1087,1551,1553],{"id":1552},"code-vulnerabilities","Code Vulnerabilities",[1038,1555,1556,1559,1562,1565],{},[1041,1557,1558],{},"Bypassing Django's security features",[1041,1560,1561],{},"Unsafe use of raw SQL queries",[1041,1563,1564],{},"Improper input validation",[1041,1566,1567],{},"Insecure file handling",[1087,1569,1571],{"id":1570},"deployment-problems","Deployment Problems",[1038,1573,1574,1577,1580,1583],{},[1041,1575,1576],{},"Unencrypted communications",[1041,1578,1579],{},"Weak server configurations",[1041,1581,1582],{},"Missing security updates",[1041,1584,1585],{},"Inadequate monitoring",[1030,1587,1589],{"id":1588},"security-tools-and-resources","Security Tools and Resources",[1087,1591,1593],{"id":1592},"django-security-tools","Django Security Tools",[1038,1595,1596,1602,1608,1614],{},[1041,1597,1598,1601],{},[1044,1599,1600],{},"django-security"," - Additional security middleware",[1041,1603,1604,1607],{},[1044,1605,1606],{},"django-csp"," - Content Security Policy implementation",[1041,1609,1610,1613],{},[1044,1611,1612],{},"django-ratelimit"," - Rate limiting protection",[1041,1615,1616,1619],{},[1044,1617,1618],{},"django-axes"," - Brute force protection",[1087,1621,1623],{"id":1622},"external-security-tools","External Security Tools",[1038,1625,1626,1632,1638,1644],{},[1041,1627,1628,1631],{},[1044,1629,1630],{},"OWASP ZAP"," - Web application security scanner",[1041,1633,1634,1637],{},[1044,1635,1636],{},"Bandit"," - Python security linter",[1041,1639,1640,1643],{},[1044,1641,1642],{},"Safety"," - Dependency vulnerability scanner",[1041,1645,1646,1649],{},[1044,1647,1648],{},"Semgrep"," - Static analysis security tool",[1087,1651,1653],{"id":1652},"security-resources","Security Resources",[1038,1655,1656,1662,1668,1674],{},[1041,1657,1658,1661],{},[1044,1659,1660],{},"Django Security Documentation"," - Official security guidelines",[1041,1663,1664,1667],{},[1044,1665,1666],{},"OWASP Guidelines"," - Web application security best practices",[1041,1669,1670,1673],{},[1044,1671,1672],{},"CVE Database"," - Common vulnerabilities and exposures",[1041,1675,1676,1679],{},[1044,1677,1678],{},"Security Blogs"," - Latest security research and trends",[1030,1681,1683],{"id":1682},"getting-started-with-security","Getting Started with Security",[1087,1685,1687],{"id":1686},"basic-security-setup","Basic Security Setup",[1140,1689,1690,1696,1702,1708,1714],{},[1041,1691,1692,1695],{},[1044,1693,1694],{},"Enable Security Middleware"," - Configure Django's security middleware",[1041,1697,1698,1701],{},[1044,1699,1700],{},"Set Secure Defaults"," - Use secure configuration settings",[1041,1703,1704,1707],{},[1044,1705,1706],{},"Implement Authentication"," - Set up user authentication",[1041,1709,1710,1713],{},[1044,1711,1712],{},"Add Input Validation"," - Validate all user inputs",[1041,1715,1716,1719],{},[1044,1717,1718],{},"Configure HTTPS"," - Enable secure communications",[1087,1721,1723],{"id":1722},"security-checklist","Security Checklist",[1038,1725,1728,1738,1744,1750,1756,1762,1768,1774],{"className":1726},[1727],"contains-task-list",[1041,1729,1732,1737],{"className":1730},[1731],"task-list-item",[1733,1734],"input",{"disabled":1735,"type":1736},true,"checkbox"," Security middleware enabled",[1041,1739,1741,1743],{"className":1740},[1731],[1733,1742],{"disabled":1735,"type":1736}," CSRF protection active",[1041,1745,1747,1749],{"className":1746},[1731],[1733,1748],{"disabled":1735,"type":1736}," XSS protection configured",[1041,1751,1753,1755],{"className":1752},[1731],[1733,1754],{"disabled":1735,"type":1736}," SQL injection prevention verified",[1041,1757,1759,1761],{"className":1758},[1731],[1733,1760],{"disabled":1735,"type":1736}," Clickjacking protection enabled",[1041,1763,1765,1767],{"className":1764},[1731],[1733,1766],{"disabled":1735,"type":1736}," HTTPS properly configured",[1041,1769,1771,1773],{"className":1770},[1731],[1733,1772],{"disabled":1735,"type":1736}," Secure password handling implemented",[1041,1775,1777,1779],{"className":1776},[1731],[1733,1778],{"disabled":1735,"type":1736}," Production security settings applied",[1030,1781,1783],{"id":1782},"prerequisites","Prerequisites",[1026,1785,1786],{},"Before diving into Django security, ensure you understand:",[1038,1788,1789,1792,1795,1798,1801],{},[1041,1790,1791],{},"Django's request/response cycle",[1041,1793,1794],{},"Template system and context processors",[1041,1796,1797],{},"Database operations and ORM",[1041,1799,1800],{},"Middleware and view processing",[1041,1802,1803],{},"HTTP protocol and web security basics",[1026,1805,1806],{},"Let's explore Django's comprehensive security framework and learn how to build applications that are secure by design and resilient against modern web threats.",{"title":1808,"searchDepth":1809,"depth":1810,"links":1811},"",1,2,[1812,1813,1818,1822,1827,1833,1838,1843,1847],{"id":1032,"depth":1810,"text":1033},{"id":1084,"depth":1810,"text":1085,"children":1814},[1815,1817],{"id":1089,"depth":1816,"text":1090},3,{"id":1134,"depth":1816,"text":1135},{"id":1204,"depth":1810,"text":1205,"children":1819},[1820,1821],{"id":1208,"depth":1816,"text":1209},{"id":1252,"depth":1816,"text":1253},{"id":1291,"depth":1810,"text":1292,"children":1823},[1824,1825,1826],{"id":1295,"depth":1816,"text":1296},{"id":1340,"depth":1816,"text":1341},{"id":1373,"depth":1816,"text":1374},{"id":1406,"depth":1810,"text":1407,"children":1828},[1829,1830,1831,1832],{"id":1410,"depth":1816,"text":1411},{"id":1440,"depth":1816,"text":1441},{"id":1470,"depth":1816,"text":1471},{"id":1500,"depth":1816,"text":1501},{"id":1530,"depth":1810,"text":1531,"children":1834},[1835,1836,1837],{"id":1534,"depth":1816,"text":1535},{"id":1552,"depth":1816,"text":1553},{"id":1570,"depth":1816,"text":1571},{"id":1588,"depth":1810,"text":1589,"children":1839},[1840,1841,1842],{"id":1592,"depth":1816,"text":1593},{"id":1622,"depth":1816,"text":1623},{"id":1652,"depth":1816,"text":1653},{"id":1682,"depth":1810,"text":1683,"children":1844},[1845,1846],{"id":1686,"depth":1816,"text":1687},{"id":1722,"depth":1816,"text":1723},{"id":1782,"depth":1810,"text":1783},"md",null,{},{"title":541,"description":1028},"oSEwWtpej0MyBYvPUDqfjIY0qO1mKZKZnhxEeDL_Wl4",[1854,1856],{"title":537,"path":538,"stem":539,"description":1855,"children":-1},"Middleware can significantly impact application performance and introduce complex debugging challenges. This chapter covers techniques for optimizing middleware performance and debugging middleware-related issues.",{"title":547,"path":548,"stem":549,"description":1857,"children":-1},"Django's approach to security is built on the principle of \"secure by default\" - providing robust security features out of the box while making it easy for developers to build secure applications. This chapter explores Django's security philosophy and core principles.",1772474937823]