1. Do not run the web server in debug mode.
2. Update nginx_docklet.conf to forbid double-slash URLs.
3. Add a header in nginx to defend against clickjacking.
4. Add CsrfProtect.
5. Forbid methods other than GET and POST in nginx.
6. Add LoginFailMsg to the model and ban a user if they input a wrong password many times.