Nice one. I've been wondering where I can set the number of characters for a password. Thanks once again.
You're welcome
You are doing really great work
Thanks Luffy, appreciate the positive comments. Wish you all the best with your learning.
@@veryacademy thanks man, you don't know how much you have helped me. I was struggling a lot to find a good tutorial but couldn't find any... then TH-cam recommended me one of your videos 😍 ...
@@Luffy-hi6xw Thanks! Let me know if you have any suggestions for content or need any tutorials made based on what you would like to learn.
@@veryacademy okay sure ☺️ just keep on making helpful videos like these... and please ☺️ cover topics like caching with Redis in Django and using Celery in future tutorials. It would be a great help.
@@Luffy-hi6xw +1
Waiting for next video. 🤔
You won't have to wait long - I have nearly finished it!
@@veryacademy I can't find the next video, what is the title of it?
Hello sir, please make a video on forgot password using OTP verification (not using email).
HI Ram, it is on my to-do list for sure. I will get this out soon.
@@veryacademy Thank you..
@@veryacademy Hey, when will you upload the forgot password video?
You mentioned that it is not worthy of production. What would be worthy of production? What do I need to add?
Hi AF, as a general theme I am only offering code for the purpose of learning. The code is provided 'as is' without warranty or condition of any kind. This set of tutorials is an introduction to development - although you could use the code, this is just one part of a much bigger picture. Validation is validation - but that is only a small part of user authentication. I would always recommend that you follow all best known practices and take all possible precautions when developing / securing / monitoring / testing / deploying user authentication abiding by any local or international regulations etc.
So what would be worthy of production - it is a book's worth of answers 👍
@@veryacademy I guess I worded my question wrong. I understand that this code is for reference only. In what way is Django's built-in authentication lacking? I'm speaking theoretically here. I will do my research, but it would be nice to know which topics, aside from the docs, I should read.
Django is as secure as a web framework could be, just make sure you keep it updated. Reading through the docs gives you even more tips; for example HTTPS, CSRF issues and XSS are some of the big issues. What I think I was saying is that although Django can be secure - we must remember also to consider the platform and how your code interacts with the great framework.
Developing is such a big task - many roles and expertise needed. If you were thinking about building and deploying an app on your own I would say first - go for it. Not knowing your background - I would say build simple first then use an iterative approach - add slowly to it.
So if for example we deployed Django by default - nothing but Django (security wise) I would look to do some basics:
1. Set up HTTPS/SSL by default
2. Disable admin on production - no admin no login problems 😊
3. Add Firewall (WAF)
4. Use secure login/passwords/2 step auth on servers etc
5. Set up a backup routine AND test it before going live
6. Check file/folder permissions are set correctly
7. Set up a robust testing platform
As you code you are asking yourself (not a full list): does my code cause/create opportunities for:
Cross-Site Request Forgery (CSRF)
Timing Attack
SQL Injection
CRLF Injection
Clickjacking Attack
Cross-Site Scripting (XSS)
...
If you are using Django templates it's important to read up on correct tags and practices, for example.
Is that a better answer? Let me know we can keep going 👍
@@veryacademy It is a great answer, thank you!
@@afaf6478 Please, anything else just ask
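The production basics listed in the reply above (HTTPS by default, no admin in production, CSRF and clickjacking protection) and the earlier question about password length all map onto concrete Django settings. The following is an added example, not code from the video or its author: a small offline audit that takes a Django settings dictionary and reports which of those basics are missing, with a "deploy the startproject defaults as-is" configuration beside a hardened one. The setting names are real Django settings; the audit rules, the one-year HSTS threshold and the 12-character password minimum are this example's own assumptions, and the whole thing only approximates what Django's built-in `python manage.py check --deploy` does, which you should also run.

```python
"""Offline audit of a Django settings dict against the basics from the thread.

Hypothetical example: the rules below are this snippet's own and only
approximate Django's `manage.py check --deploy`. No Django import needed.
"""
from __future__ import annotations

MIN_HSTS_SECONDS = 31_536_000   # assumption: one year, the usual HSTS preload minimum
MIN_PASSWORD_LENGTH = 12        # assumption: stricter than Django's default of 8


def audit_settings(settings: dict) -> list[str]:
    """Return human-readable findings; an empty list means every check passed."""
    findings: list[str] = []
    get = settings.get

    # 1. HTTPS by default: redirect, HSTS, and Secure flags on both cookies.
    if not get("SECURE_SSL_REDIRECT", False):
        findings.append("SECURE_SSL_REDIRECT is off: plain-HTTP requests are served")
    if int(get("SECURE_HSTS_SECONDS", 0)) < MIN_HSTS_SECONDS:
        findings.append("SECURE_HSTS_SECONDS below one year: browsers will not pin HTTPS")
    for cookie_flag in ("SESSION_COOKIE_SECURE", "CSRF_COOKIE_SECURE"):
        if not get(cookie_flag, False):
            findings.append(f"{cookie_flag} is off: cookie can be sent over HTTP")

    # 2. No admin on production: the "no admin, no login problems" item.
    if "django.contrib.admin" in get("INSTALLED_APPS", []):
        findings.append("django.contrib.admin is installed: admin login form is exposed")

    # DEBUG and Host validation: tracebacks leak settings, wildcard hosts skip the check.
    if get("DEBUG", True):
        findings.append("DEBUG is True: tracebacks and settings are shown to clients")
    if not get("ALLOWED_HOSTS") or "*" in get("ALLOWED_HOSTS", []):
        findings.append("ALLOWED_HOSTS empty or wildcard: Host header is not validated")

    # Clickjacking and CSRF from the threat list.
    middleware = get("MIDDLEWARE", [])
    if "django.middleware.clickjacking.XFrameOptionsMiddleware" not in middleware:
        findings.append("XFrameOptionsMiddleware missing: pages can be framed (clickjacking)")
    if "django.middleware.csrf.CsrfViewMiddleware" not in middleware:
        findings.append("CsrfViewMiddleware missing: POST forms are not CSRF-protected")

    # Password length: MinimumLengthValidator's min_length option (default 8).
    validators = get("AUTH_PASSWORD_VALIDATORS", [])
    min_len = next(
        (v.get("OPTIONS", {}).get("min_length", 8) for v in validators
         if v.get("NAME", "").endswith("MinimumLengthValidator")),
        None,
    )
    if min_len is None or min_len < MIN_PASSWORD_LENGTH:
        findings.append(f"MinimumLengthValidator missing or below {MIN_PASSWORD_LENGTH} characters")
    return findings


# Constructed sample: roughly what `startproject` gives you, deployed unchanged.
DEFAULT_LIKE_SETTINGS = {
    "DEBUG": True,
    "ALLOWED_HOSTS": [],
    "INSTALLED_APPS": ["django.contrib.admin", "django.contrib.auth"],
    "MIDDLEWARE": [
        "django.middleware.security.SecurityMiddleware",
        "django.middleware.csrf.CsrfViewMiddleware",
        "django.middleware.clickjacking.XFrameOptionsMiddleware",
    ],
    "AUTH_PASSWORD_VALIDATORS": [
        {"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator"},
    ],
}

# Constructed sample: the same project with the thread's basics applied.
HARDENED_SETTINGS = {
    **DEFAULT_LIKE_SETTINGS,
    "DEBUG": False,
    "ALLOWED_HOSTS": ["example.com"],        # assumption: the deployed hostname
    "INSTALLED_APPS": ["django.contrib.auth"],  # admin app removed
    "SECURE_SSL_REDIRECT": True,
    "SECURE_HSTS_SECONDS": MIN_HSTS_SECONDS,
    "SESSION_COOKIE_SECURE": True,
    "CSRF_COOKIE_SECURE": True,
    "AUTH_PASSWORD_VALIDATORS": [
        {"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
         "OPTIONS": {"min_length": MIN_PASSWORD_LENGTH}},
    ],
}

if __name__ == "__main__":
    for name, cfg in (("default-like", DEFAULT_LIKE_SETTINGS), ("hardened", HARDENED_SETTINGS)):
        result = audit_settings(cfg)
        print(f"{name}: {len(result)} finding(s)")
        for finding in result:
            print("  -", finding)
```

Running it prints eight findings for the default-like configuration and none for the hardened one. Treat this as a starting point only: the real `check --deploy` covers more (for example `SECRET_KEY` strength and `SECURE_CONTENT_TYPE_NOSNIFF`), and nothing in a settings file replaces the WAF, server hardening, backups and testing items from the list.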