From 8aca2504df9d7d3c1244d1632f6cad45afa60115 Mon Sep 17 00:00:00 2001 From: Tim Graham Date: Wed, 22 May 2013 21:12:55 -0400 Subject: [PATCH] Fixed #20080 - Recommended use of PYTHONHASHSEED Thanks jacob for the suggestion and ryankask for the patch. --- docs/howto/deployment/checklist.txt | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/howto/deployment/checklist.txt b/docs/howto/deployment/checklist.txt index b72be75497..4498c78e3f 100644 --- a/docs/howto/deployment/checklist.txt +++ b/docs/howto/deployment/checklist.txt @@ -212,3 +212,18 @@ Miscellaneous -------------------------------- This setting is required if you're using the :ttag:`ssi` template tag. + +Python Options +============== + +If you're using Python 2.6.8+, it's strongly recommended that you invoke the +Python process running your Django application using the `-R`_ option or with +the :envvar:`PYTHONHASHSEED` environment variable set to ``random``. + +These options help protect your site from denial-of-service (DoS) +attacks triggered by carefully crafted inputs. Such an attack can +drastically increase CPU usage by causing worst-case performance when +creating ``dict`` instances. See `oCERT advisory #2011-003 +`_ for more information. + +.. _-r: http://docs.python.org/2.7/using/cmdline.html#cmdoption-R
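Review bot: The version bound in "If you're using Python 2.6.8+", in the first paragraph of the new "Python Options" section, is too coarse for a checklist item. The `-R`_ target points at the 2.7 command-line documentation, yet a reader on a 2.7 release cannot tell from "2.6.8+" which 2.7.x release first carries the option. Suggest naming the minimum release for each supported branch instead of a single lower bound. The same paragraph says only to "invoke the Python process running your Django application" with the option or variable. Since this is a deployment checklist, it would help to state that :envvar:`PYTHONHASHSEED` has to be present in the environment of whatever launches the interpreter (the application server or its init script), and to give a one-line way to confirm the setting took effect. The second paragraph's "creating ``dict`` instances" could also say that the keys in question come from untrusted input, so the reader can judge exposure.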