Closed t-book closed 7 months ago
++ very good, thanks @t-book
I would postpone this to 3.2? Or shall someone make a draft for 3.1?
@gannebamm yes +1. I do see this ticket as ideas for improvements, nothing urgent.
@t-book do you already have a PR for this?
@giohappy Unfortunately not. This is only in the state of suggestion. (We can close if you want.)
We can keep it around for a while. We were considering some SEO optimizations for master branches.
This issue collects Ideas for improvements regarding SEO and security.
SEO
robots.txt
Add a robots.txt which defines how crawlers index a geonode instance. A possible solution is to simply add a new URL together with an example robots.txt like:
sitemap
Add a sitemap to geonode which helps search engines to correctly index your pages and raises the SEO ranking. For this job we can use the sitemap framework which comes with Django: https://docs.djangoproject.com/en/3.0/ref/contrib/sitemaps/
More about why sitemaps are still important for example here: https://www.searchenginejournal.com/html-sitemap-importance/325405/
Security
Password strength
GeoNode currently expects a password to have a length of 6 characters as the only requirement. (This allows insufficient combinations like geonode/geonode or username/password.)
We could improve security by using Django's built-in password validators
https://docs.djangoproject.com/en/3.0/topics/auth/passwords/#enabling-password-validation
Personally I would welcome
UserAttributeSimilarityValidator
and NumericPasswordValidator
to be added. Plus a third custom validator which forces the user to choose a combination between characters, numbers and special chars.
Block user failed login attempts
A further improvement in security is to block users after x failed login attempts for y minutes/hours. This lowers the risks of password list penetrations and avoids unneeded server load. Possible candidates:
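For the password-strength suggestion above, a sketch of the third, custom validator wired in next to the two Django validators named in the issue. This is an added example, not GeoNode code or part of the original post; the class name `CharacterClassValidator` and the module path `myproject.validators` are hypothetical.

```python
try:
    from django.core.exceptions import ValidationError
except ImportError:  # fallback so the sketch also runs without Django installed
    class ValidationError(Exception):
        def __init__(self, message, code=None):
            super().__init__(message)
            self.code = code


class CharacterClassValidator:
    """Hypothetical validator: require letters, digits and special characters."""

    # Each character class maps to a per-character test.
    CLASSES = {
        "letter": str.isalpha,
        "digit": str.isdigit,
        "special character": lambda c: not c.isalnum() and not c.isspace(),
    }

    def missing_classes(self, password):
        """Return the names of the character classes the password lacks."""
        return [name for name, test in self.CLASSES.items()
                if not any(test(c) for c in password)]

    # validate() and get_help_text() are the interface Django expects
    # from every entry in AUTH_PASSWORD_VALIDATORS.
    def validate(self, password, user=None):
        missing = self.missing_classes(password)
        if missing:
            raise ValidationError(
                "Password is missing: " + ", ".join(missing) + ".",
                code="password_missing_character_class",
            )

    def get_help_text(self):
        return "Your password must mix letters, digits and special characters."


# settings.py fragment; "myproject.validators" is an assumed module path.
AUTH_PASSWORD_VALIDATORS = [
    {"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"},
    {"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"},
    {"NAME": "myproject.validators.CharacterClassValidator"},
]
```

Django only runs these validators where `validate_password()` is called (its built-in password forms and `createsuperuser`), so a custom signup form or API endpoint has to call it explicitly.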