Django Security Best Practices | Django | Page 1

mighty bobcat Jan 14, 2025, 5:47 PM

#

A few points:

What library is django-sql-injection and what does it provide above Django's built-in protection?
Why on earth are you suggesting people use |safe to "escape user-provided data before displaying it in templates"? That's the exact opposite use case, and actively enables XSS!!
it claims Django has built-in rate limiting with APIView. It does not.

This entire article has the vibe of being written by ChatGPT. Why are you sharing an old, incorrect, AI-hallucinated and downright harmful article?

broken seal Jan 14, 2025, 6:22 PM

#

If you want to know what a library is, then you can look it up.
So which one is it?
https://pypi.org/search/?q=django-sql-injection
I agree with Ben, this sounds like GPT-generated misinformation...

#

Have you used Google before?
And please be respectful to other members, especially when they have already demonstrated their dedication to helping other members of the community.

mighty bobcat Jan 14, 2025, 6:30 PM

#

I already pointed out one way it's harmful: encouraging the use of the safe filter for its exact opposite purpose.

#Django Security Best Practices