Installation | Topics | Beyond Lino

Security of Lino applications

When your Lino site is publicly accessible via Internet you should care about potential security issues.

Checklist

• Make sure that DEBUG is set to False.

• Make sure that use_ipdict is set to True in order to prevent brute force attacks.

• Set the use_security_features attribute to True in order to activate general security features.

• Consider enabling HTTP Strict Transport Security by setting SECURE_HSTS_SECONDS to a non-zero integer value.

• If you want users to sign in each time after having closed their browser sessions, set SESSION_EXPIRE_AT_BROWSER_CLOSE to True.

Notes

Lino does not yet support CSRF protection (#2389).

See also

• https://docs.djangoproject.com/en/5.2/topics/security/