by jwpeddle
5391 days ago
CSRF is on by default.
Cookies could be more secure, and it's being worked on.
Django is moving to PBKDF2 (there's no pure Python bcrypt lib).
There's not really opportunity to do anything interesting with slugs. Like any framework, there will always be room to improve security, but it does do very well out of the box. At least it makes you work to expose anything obvious.