OWASP / CheatSheetSeries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
https://cheatsheetseries.owasp.org
Creative Commons Attribution Share Alike 4.0 International

Update: [Django Security Cheat Sheet] - default url to admin panel #1252

Closed Cmaiek closed 9 months ago

Cmaiek commented 10 months ago

What is missing or needs to be updated?

It is advisable to modify the default URL leading to the admin panel (example.com/admin/), in order to make automated attacks a bit more difficult.

How should this be resolved?

In the default app folder within your project, locate the urls.py file managing the top-level URLs. Within the file, modify the urlpatterns variable (a list), so that the URL leading to admin.site.urls is different from "admin/".

I.e. change the variable from:

from django.contrib import admin
from django.urls import path

urlpatterns = [
    path("admin/", admin.site.urls),  # default admin route
    ...
]

to:

from django.contrib import admin
from django.urls import path

urlpatterns = [
    path("something-other-than-admin/", admin.site.urls),  # non-default admin route
    ...
]
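The change above is easy to make and just as easy to regress when someone re-creates a project from the Django template. As an added example (not part of this issue or of the OWASP cheat sheet), the script below audits one or more urls.py files with the standard-library ast module and reports any path()/re_path() call that still mounts admin.site.urls at the default "admin/" route, so it can run in CI without Django installed. The function names and the embedded sample urls.py contents are constructed for this example.

```python
"""Audit Django urls.py files for an admin site still mounted at the default "admin/".

Added example (not the project's code). Uses only the standard library, so it
runs without Django; it inspects the source with ast rather than importing it.
"""
from __future__ import annotations

import ast
import sys

# Call names under which Django routes are commonly declared.
ROUTE_FUNCTIONS = {"path", "re_path", "url"}


def _is_admin_site_urls(node: ast.AST) -> bool:
    """True when the expression is `admin.site.urls`."""
    return (
        isinstance(node, ast.Attribute) and node.attr == "urls"
        and isinstance(node.value, ast.Attribute) and node.value.attr == "site"
        and isinstance(node.value.value, ast.Name) and node.value.value.id == "admin"
    )


def find_admin_mounts(source: str) -> list[tuple[int, str]]:
    """Return (line number, route literal) for every route call whose view is
    admin.site.urls and whose route is a plain string literal."""
    mounts: list[tuple[int, str]] = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or len(node.args) < 2:
            continue
        func = node.func
        name = func.id if isinstance(func, ast.Name) else getattr(func, "attr", None)
        if name not in ROUTE_FUNCTIONS:
            continue
        route, view = node.args[0], node.args[1]
        if isinstance(route, ast.Constant) and isinstance(route.value, str) and _is_admin_site_urls(view):
            mounts.append((node.lineno, route.value))
    return mounts


def default_admin_mounts(source: str) -> list[tuple[int, str]]:
    """Subset of find_admin_mounts() whose route is the default: "admin/", "admin",
    or the regex forms "^admin/" / "^admin/$" used with re_path()."""
    return [
        (lineno, route)
        for lineno, route in find_admin_mounts(source)
        if route.strip("^$").strip("/") == "admin"
    ]


def main(argv: list[str]) -> int:
    """CLI entry point: exit 1 if any file given on the command line keeps the default route."""
    rc = 0
    for fname in argv[1:]:
        with open(fname, encoding="utf-8") as fh:
            src = fh.read()
        for lineno, route in default_admin_mounts(src):
            print(f"{fname}:{lineno}: admin site still mounted at default route {route!r}")
            rc = 1
    return rc


# Constructed sample inputs: a project's urls.py before and after the change.
BEFORE = '''
from django.contrib import admin
from django.urls import include, path

urlpatterns = [
    path("admin/", admin.site.urls),
    path("api/", include("api.urls")),
]
'''

AFTER = BEFORE.replace('"admin/"', '"something-other-than-admin/"')


if __name__ == "__main__":
    if len(sys.argv) > 1:
        sys.exit(main(sys.argv))
    # No files given: demonstrate on the constructed samples.
    print(default_admin_mounts(BEFORE))  # [(6, 'admin/')]
    print(default_admin_mounts(AFTER))   # []
```

Run it as `python audit_admin_route.py myproject/urls.py` in a CI step; a non-zero exit fails the build. The check deliberately only recognises string-literal routes, so a route built from a variable (for example one read from settings) is neither flagged nor confirmed and has to be reviewed by hand.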

jmanico commented 10 months ago

Great! Looking forward to a PR :)

Cmaiek commented 10 months ago

Great! Looking forward to a PR :)

Can I assume this means "the issue has been discussed and approved"? ;)

jmanico commented 9 months ago

Yeah, let's go with that