Encryption and hashing protect sensitive data at rest. By default Django stores model fields in the database in plain, human-readable form, so anyone who obtains a database dump or a backup can read them. The Python package django-cryptography lets you encrypt individual model fields transparently, so that only ciphertext reaches the database.
Step 1 – Installation
pip install django-cryptography
Step 2 – Modify Django Model
from django.db import models
from django_cryptography.fields import encrypt


class UserModel(models.Model):
    name = models.CharField(max_length=256)
    # encrypt() wraps an ordinary field: the value is encrypted before it is
    # written to the database and decrypted when the model instance is loaded
    sensitive_data = encrypt(models.CharField(max_length=50))
    ...

    def __str__(self):
        return str(self.name)
That’s it.
django-cryptography uses symmetric encryption to store sensitive data in the database: wrap the desired model field with encrypt() to protect its contents. Two caveats a practitioner should keep in mind. First, the key is derived from the project's SECRET_KEY unless you set CRYPTOGRAPHY_KEY separately, so rotating SECRET_KEY without a dedicated CRYPTOGRAPHY_KEY makes existing ciphertext unreadable, and anyone who can read the application's settings can decrypt the data; this protects against a leaked database, not against a compromised application server. Second, because the stored value is ciphertext, you cannot filter or order queries on an encrypted field; lookups such as UserModel.objects.filter(sensitive_data='...') will not find anything.
Securing Passwords
Passwords must be hashed, never encrypted: a hash cannot be reversed, so a database leak does not reveal the original passwords. Django hashes passwords with the PBKDF2 algorithm (PBKDF2-HMAC-SHA256 with a random per-password salt) by default, and the PASSWORD_HASHERS setting lets you switch to another hasher Django ships, such as Argon2PasswordHasher (which requires the argon2-cffi package) or BCryptSHA256PasswordHasher. Django stores the result as a single string of the form pbkdf2_sha256$<iterations>$<salt>$<base64 hash>, and raises the default iteration count in each release, rehashing a stored password the next time the user logs in successfully.
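To make the stored format concrete, here is an added, stand-alone re-implementation of Django's default PBKDF2 hasher using only the Python standard library (this is example code written for this page, not Django's own hasher). It produces encoded strings in the same layout as Django, verifies a password with a constant-time comparison, and reports when a stored hash uses fewer iterations than the current policy. The DEFAULT_ITERATIONS value is an assumed work factor; Django's actual default depends on the release you run.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Optional

# Django's default hasher stores passwords as
#   pbkdf2_sha256$<iterations>$<salt>$<base64 hash>
# This is an added example that mirrors that layout with hashlib only.
ALGORITHM = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000  # assumed work factor; Django raises its own default every release


def make_password(password: str, salt: Optional[str] = None,
                  iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return a Django-style encoded password string."""
    if salt is None:
        # Fresh random salt per password: two users with the same password get different hashes
        salt = secrets.token_urlsafe(16)
    if "$" in salt:
        raise ValueError("salt must not contain the '$' field separator")
    # PBKDF2-HMAC-SHA256; the default derived-key length equals the SHA-256 digest size (32 bytes)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    encoded_hash = base64.b64encode(digest).decode("ascii")
    return "%s$%d$%s$%s" % (ALGORITHM, iterations, salt, encoded_hash)


def check_password(password: str, encoded: str) -> bool:
    """Verify a password against a stored encoded string."""
    algorithm, iterations, salt, _ = encoded.split("$", 3)
    if algorithm != ALGORITHM:
        return False
    # Recompute with the stored salt and iteration count, then compare in constant time
    candidate = make_password(password, salt=salt, iterations=int(iterations))
    return hmac.compare_digest(candidate.encode(), encoded.encode())


def needs_rehash(encoded: str, iterations: int = DEFAULT_ITERATIONS) -> bool:
    """True if the stored hash is weaker than the current policy (what Django's must_update does)."""
    algorithm, stored_iterations, _, _ = encoded.split("$", 3)
    return algorithm != ALGORITHM or int(stored_iterations) < iterations


if __name__ == "__main__":
    stored = make_password("correct horse battery staple")
    print(stored)
    print(check_password("correct horse battery staple", stored))  # True
    print(check_password("wrong password", stored))               # False
```

Each call to make_password() without a salt yields a different string for the same password, which is the point of the salt; verification therefore always reuses the salt and iteration count parsed from the stored value rather than the current defaults.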
Securing the data over the Network
Serve the site over TLS (HTTPS) and redirect HTTP to HTTPS.
A site served over plain HTTP is vulnerable to man-in-the-middle attacks: an attacker on the network path can read and modify requests and responses. Redirecting to HTTPS helps, but the first plain-HTTP request is still exposed. HTTP Strict Transport Security (HSTS) closes that gap for returning visitors: once a browser has seen the Strict-Transport-Security header over HTTPS, it refuses to contact the site over HTTP for the given number of seconds. Setting SECURE_HSTS_SECONDS to a non-zero value in settings.py makes Django's SecurityMiddleware (which must be listed in MIDDLEWARE) add that header to responses served over HTTPS. Start with a small value, as below, because browsers cache the policy for that long and a misconfigured site cannot be reached over HTTP until it expires; raise it once HTTPS is known to work everywhere.
SECURE_HSTS_SECONDS = 3600
Securing all the sub-domains
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
If SECURE_HSTS_PRELOAD is True, the SecurityMiddleware adds the preload directive to the HTTP Strict Transport Security header. It has no effect unless SECURE_HSTS_SECONDS is set to a non-zero value.
SECURE_HSTS_PRELOAD = True
Your website must set SECURE_HSTS_PRELOAD in order to be submitted to Chrome's list of sites that are hardcoded as being HTTPS only. The preload list additionally requires a max-age of at least one year (31536000 seconds) and the includeSubDomains directive, so the 3600-second value used above for testing must be raised before submission.
import os

# Redirect to HTTPS unless the deployment explicitly sets SECURE_SSL_REDIRECT_ENABLED=False
SECURE_SSL_REDIRECT = os.getenv('SECURE_SSL_REDIRECT_ENABLED') != 'False'
If SECURE_SSL_REDIRECT is True, the SecurityMiddleware redirects all non-HTTPS requests to HTTPS (except for those URLs matching a regular expression listed in SECURE_REDIRECT_EXEMPT). Note that the redirect decision is based on request.is_secure(); when Django sits behind a reverse proxy or load balancer that terminates TLS, you must also configure SECURE_PROXY_SSL_HEADER (for example ('HTTP_X_FORWARDED_PROTO', 'https')) so that Django recognises forwarded HTTPS requests, otherwise every request is redirected in a loop.
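The following added example (written for this page, not Django's own middleware code) builds the Strict-Transport-Security header value the way Django's SecurityMiddleware composes it from the three SECURE_HSTS_* settings above, then checks the result against the preload-list requirements. It goes slightly beyond the page by also parsing an arbitrary header value, so it can be pointed at a header copied from a real response. The one-year minimum is the hstspreload.org rule.

```python
import re

# Added example: mirrors SecurityMiddleware's header construction and checks preload eligibility.
PRELOAD_MIN_AGE = 31536000  # one year in seconds, the preload-list minimum


def build_hsts_header(seconds: int, include_subdomains: bool = False, preload: bool = False) -> str:
    """Return the header value Django would send, or '' when SECURE_HSTS_SECONDS is 0."""
    if seconds <= 0:
        return ""  # SECURE_HSTS_SECONDS = 0 disables the header entirely, whatever the other flags say
    value = "max-age=%d" % seconds
    if include_subdomains:
        value += "; includeSubDomains"
    if preload:
        value += "; preload"
    return value


def parse_hsts(header: str) -> dict:
    """Parse a Strict-Transport-Security value into its directives (names are case-insensitive)."""
    result = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in header.split(";"):
        directive = directive.strip()
        match = re.fullmatch(r'max-age\s*=\s*"?(\d+)"?', directive, re.IGNORECASE)
        if match:
            result["max_age"] = int(match.group(1))
        elif directive.lower() == "includesubdomains":
            result["include_subdomains"] = True
        elif directive.lower() == "preload":
            result["preload"] = True
    return result


def preload_problems(header: str) -> list:
    """Return the reasons a header would be rejected by the preload list; an empty list means eligible."""
    parsed = parse_hsts(header)
    problems = []
    if parsed["max_age"] is None:
        problems.append("missing max-age")
    elif parsed["max_age"] < PRELOAD_MIN_AGE:
        problems.append("max-age %d is below the one-year minimum (%d)"
                        % (parsed["max_age"], PRELOAD_MIN_AGE))
    if not parsed["include_subdomains"]:
        problems.append("missing includeSubDomains")
    if not parsed["preload"]:
        problems.append("missing preload")
    return problems


if __name__ == "__main__":
    # The settings as shown on this page: 3600 seconds, subdomains and preload enabled
    testing = build_hsts_header(3600, include_subdomains=True, preload=True)
    print(testing, "->", preload_problems(testing))
    # Production values that the preload list will accept
    production = build_hsts_header(PRELOAD_MIN_AGE, include_subdomains=True, preload=True)
    print(production, "->", preload_problems(production))
```

Running it shows that the page's testing configuration produces "max-age=3600; includeSubDomains; preload", which a browser honours for one hour but the preload list rejects, while the one-year value passes with no problems reported.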
For more information on these settings, refer to the Django settings documentation.