Security of Lino applications

When your Lino site is publicly accessible via the Internet, you should care about potential security issues.

Checklist

  • Make sure that DEBUG is set to False.

  • Make sure that use_ipdict is set to True in order to prevent brute-force attacks.

  • Set the use_security_features attribute to True in order to activate general security features.

  • Consider enabling HTTP Strict Transport Security by setting SECURE_HSTS_SECONDS to a non-zero integer value.

  • If you want users to sign in again each time they close their browser, set SESSION_EXPIRE_AT_BROWSER_CLOSE to True.
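The checklist above can be audited automatically. The following is an added example, not part of Lino or this page: it checks a settings namespace (the real django.conf.settings, or the constructed stand-in below) against the five items, reports the first three as errors and the optional ones as advisories. It assumes use_ipdict and use_security_features are readable as attributes of the SITE object, and uses the Django defaults (DEBUG=False, SECURE_HSTS_SECONDS=0, SESSION_EXPIRE_AT_BROWSER_CLOSE=False) when a setting is absent.

```python
"""Audit a Lino/Django settings namespace against the hardening checklist."""
from types import SimpleNamespace


def audit_settings(settings):
    """Return a list of (level, message) findings; an empty list means all checks passed.

    `settings` is any object exposing Django settings and the Lino Site as attributes.
    Lino Site attributes are assumed to live on settings.SITE (assumption, not verified
    against a specific Lino release).
    """
    findings = []
    # Django's default for DEBUG is False, so a missing setting passes this check.
    if getattr(settings, "DEBUG", False):
        findings.append(("error", "DEBUG must be False on a public site"))
    site = getattr(settings, "SITE", None)
    if site is None:
        findings.append(("error", "no SITE object found; cannot check Lino Site attributes"))
    else:
        if not getattr(site, "use_ipdict", False):
            findings.append(("error", "SITE.use_ipdict should be True to throttle sign-in attempts"))
        if not getattr(site, "use_security_features", False):
            findings.append(("error", "SITE.use_security_features should be True"))
    hsts = getattr(settings, "SECURE_HSTS_SECONDS", 0)
    if not isinstance(hsts, int) or hsts <= 0:
        findings.append(("warning", "consider a non-zero SECURE_HSTS_SECONDS to enable HSTS"))
    if not getattr(settings, "SESSION_EXPIRE_AT_BROWSER_CLOSE", False):
        findings.append(("info", "sessions survive browser close (SESSION_EXPIRE_AT_BROWSER_CLOSE=False)"))
    return findings


# Constructed sample namespaces standing in for django.conf.settings.
WEAK_SETTINGS = SimpleNamespace(
    DEBUG=True,
    SITE=SimpleNamespace(use_ipdict=False, use_security_features=False),
    SECURE_HSTS_SECONDS=0,
    SESSION_EXPIRE_AT_BROWSER_CLOSE=False,
)
HARDENED_SETTINGS = SimpleNamespace(
    DEBUG=False,
    SITE=SimpleNamespace(use_ipdict=True, use_security_features=True),
    SECURE_HSTS_SECONDS=31536000,  # one year, an assumed value
    SESSION_EXPIRE_AT_BROWSER_CLOSE=True,
)

if __name__ == "__main__":
    for level, message in audit_settings(WEAK_SETTINGS):
        print(f"[{level}] {message}")
```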

Notes

Lino does not yet support CSRF protection (#2389).