danirus / django-comments-xtd

A pluggable Django comments application with thread support, follow-up notifications, mail confirmation, like/dislike flags, moderation, a ReactJS plugin and Bootstrap 5.3.
https://django-comments-xtd.readthedocs.io
BSD 2-Clause "Simplified" License

Rest API endpoint secure #141

Closed callmeUmer closed 4 years ago

callmeUmer commented 4 years ago

Is there any way to secure the RESTful API? Even if you redirect to the API URL, it starts to show all of the data publicly.

So is this going to be a security threat in the future, or is it designed to be like this?

danirus commented 4 years ago

Indeed, it is designed so. Django apps rely on the security provided by the web servers you put in front of the Django project. In production you put Django behind a web server like Nginx or Apache. These servers have to be configured to use TLS certificates to enable HTTPS. Then your Django project will be secured.

callmeUmer commented 4 years ago

Ah okay, my server does have the TLS certificate, but my question is whether this public endpoint will have any real-world repercussions, or whether it is totally safe to basically let this data be public.

danirus commented 4 years ago

I see.

If you want to prevent direct public access to your REST API and allow access only to your JavaScript plugin or a phone app, see how to implement authentication with DRF.

If you simply want to set up a limit on the number of requests, see throttling with DRF. It allows you to limit access based on the number of requests and on whether the requester is authenticated or not.
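The two DRF mechanisms named in the comment above, authentication/permissions and throttling, are configured project-wide through the `REST_FRAMEWORK` dict in `settings.py`, and those defaults apply to every DRF view that does not override them. The following is an added example, not code from django-comments-xtd or from the issue participants: it places DRF's own default (`AllowAny`, no throttling, which is the "everything is public" state the issue describes) beside a hardened configuration, and adds a small `audit_rest_framework` helper that reports which of the two problems a given dict still has. The rate values (`20/hour`, `200/hour`) and the choice of session plus token authentication are assumptions chosen for illustration; the class paths are DRF's real ones.

```python
# Added example (not django-comments-xtd code): DRF settings fragments for a
# Django project's settings.py plus an audit helper for the REST_FRAMEWORK dict.

# What DRF does when nothing is configured: any client may call any endpoint,
# and no request limit applies.  This is the situation reported in the issue.
WEAK_REST_FRAMEWORK = {
    "DEFAULT_PERMISSION_CLASSES": ["rest_framework.permissions.AllowAny"],
}

# Hardened variant (values are assumptions for illustration): the site's own
# JavaScript plugin is recognised through the Django session, a phone app
# through a token, anonymous callers are rejected, and both anonymous and
# authenticated callers are rate-limited.
HARDENED_REST_FRAMEWORK = {
    "DEFAULT_AUTHENTICATION_CLASSES": [
        "rest_framework.authentication.SessionAuthentication",
        "rest_framework.authentication.TokenAuthentication",
    ],
    "DEFAULT_PERMISSION_CLASSES": ["rest_framework.permissions.IsAuthenticated"],
    "DEFAULT_THROTTLE_CLASSES": [
        "rest_framework.throttling.AnonRateThrottle",
        "rest_framework.throttling.UserRateThrottle",
    ],
    "DEFAULT_THROTTLE_RATES": {"anon": "20/hour", "user": "200/hour"},
}

PUBLIC_PERMISSION = "rest_framework.permissions.AllowAny"

# DRF's two built-in rate throttles and the DEFAULT_THROTTLE_RATES key each reads.
BUILTIN_THROTTLE_SCOPES = {
    "rest_framework.throttling.AnonRateThrottle": "anon",
    "rest_framework.throttling.UserRateThrottle": "user",
}

# DRF only looks at the first letter of the period: "sec", "min", "hour", "day".
PERIOD_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400}


def parse_rate(rate):
    """Parse a DRF throttle rate such as '20/hour' or '5/m' into (requests, seconds)."""
    num, period = rate.split("/")
    return int(num), PERIOD_SECONDS[period[0]]


def audit_rest_framework(conf):
    """Return a list of findings describing how a REST_FRAMEWORK dict exposes the API.

    An empty list means every endpoint requires an authenticated caller and every
    built-in throttle class that is enabled has a usable rate configured.
    """
    findings = []

    # No permission classes at all behaves like AllowAny: no check is applied.
    perms = conf.get("DEFAULT_PERMISSION_CLASSES") or []
    if not perms or PUBLIC_PERMISSION in perms:
        findings.append("permissions: anonymous clients can read every endpoint")

    throttles = conf.get("DEFAULT_THROTTLE_CLASSES") or []
    rates = conf.get("DEFAULT_THROTTLE_RATES") or {}
    if not throttles:
        findings.append("throttling: no request limit for any client")
    for cls in throttles:
        scope = BUILTIN_THROTTLE_SCOPES.get(cls)
        if scope is None:
            continue  # custom throttle class; its scope is not visible in settings
        if scope not in rates:
            # DRF raises ImproperlyConfigured on the first request in this case.
            findings.append(f"throttling: scope '{scope}' has no DEFAULT_THROTTLE_RATES entry")
            continue
        try:
            parse_rate(rates[scope])
        except (ValueError, KeyError):
            findings.append(f"throttling: rate '{rates[scope]}' for scope '{scope}' is malformed")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_REST_FRAMEWORK), ("hardened", HARDENED_REST_FRAMEWORK)):
        print(name, audit_rest_framework(conf) or ["ok"])
```

Per-view overrides (`permission_classes` / `throttle_classes` on the view, or a `throttle_scope` with its own rate) take precedence over these defaults, so an audit of `settings.py` alone shows the baseline, not necessarily what a specific endpoint enforces.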

callmeUmer commented 4 years ago

Well, thanks. I just removed all of the sensitive data.