Run any Skill in Manus with one click

django-security

Django security best practices, authentication, authorization, CSRF protection, SQL injection prevention, XSS prevention, and secure deployment configurations. Use when this capability is needed.

Run Skill in Manus

Overview

Django security best practices, authentication, authorization, CSRF protection, SQL injection prevention, XSS prevention, and secure deployment configurations. Use when this capability is needed.

Install command

npx skills add https://github.com/tomevault-io/tomes --skill django-security

Copy and paste this command into Claude Code to install the skill

Source

tomevault-io/tomes

Stars0

Forks0

UpdatedMay 3, 2026 at 03:31

SKILL.md

readonly

name	django-security
description	Django security best practices, authentication, authorization, CSRF protection, SQL injection prevention, XSS prevention, and secure deployment configurations. Use when this capability is needed.
metadata	{"author":"manikosto"}

Django Security Best Practices

Comprehensive security guidelines for Django applications.

When to Activate

Setting up Django authentication and authorization
Implementing user permissions and roles
Configuring production security settings
Reviewing Django application for security issues

Core Security Settings

# settings/production.py
DEBUG = False
ALLOWED_HOSTS = os.environ.get('ALLOWED_HOSTS', '').split(',')

SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SECURE_HSTS_SECONDS = 31536000
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_CONTENT_TYPE_NOSNIFF = True
X_FRAME_OPTIONS = 'DENY'

SESSION_COOKIE_HTTPONLY = True
CSRF_COOKIE_HTTPONLY = True

SECRET_KEY = os.environ.get('DJANGO_SECRET_KEY')
if not SECRET_KEY:
    raise ImproperlyConfigured('DJANGO_SECRET_KEY required')

PASSWORD_HASHERS = [
    'django.contrib.auth.hashers.Argon2PasswordHasher',
    'django.contrib.auth.hashers.PBKDF2PasswordHasher',
]

SQL Injection Prevention

# GOOD: Django ORM automatically escapes
User.objects.filter(email__iexact=email)

# GOOD: Parameterized raw queries
User.objects.raw('SELECT * FROM users WHERE username = %s', [query])

# BAD: Never interpolate user input
User.objects.raw(f'SELECT * FROM users WHERE username = {username}')

Custom Permissions (DRF)

class IsOwnerOrReadOnly(permissions.BasePermission):
    def has_object_permission(self, request, view, obj):
        if request.method in permissions.SAFE_METHODS:
            return True
        return obj.author == request.user

API Rate Limiting

REST_FRAMEWORK = {
    'DEFAULT_THROTTLE_CLASSES': [
        'rest_framework.throttling.AnonRateThrottle',
        'rest_framework.throttling.UserRateThrottle'
    ],
    'DEFAULT_THROTTLE_RATES': {
        'anon': '100/day',
        'user': '1000/day',
    }
}

Quick Security Checklist

Check	Description
`DEBUG = False`	Never in production
HTTPS only	Force SSL, secure cookies
Strong secrets	Environment variables for SECRET_KEY
CSRF protection	Enabled by default, don't disable
XSS prevention	Auto-escapes, don't use `
SQL injection	Use ORM, never concatenate strings
Rate limiting	Throttle API endpoints
Security headers	CSP, X-Frame-Options, HSTS

Converted and distributed by TomeVault — claim your Tome and manage your conversions.

More from this repository

same repository

pr-review-coordinator

tomevault-io/tomes

Orchestrates PR review issue resolution by parsing review comments and dispatching to pr-issue-fixer subagents. Use when given a PR review summary, list of issues to fix, or when the user pastes review comments from CodeRabbit, Claude, Cursor, or similar tools. Use when this capability is needed.

2026-05-200

writing-graphql-operations

tomevault-io/tomes

Creates GraphQL queries and mutations using gql.tada and urql. Use when writing operations, implementing repositories, updating schema, or testing GraphQL code.

2026-05-200

understanding-saleor-domain

tomevault-io/tomes

Explains Saleor e-commerce domain and Configurator business rules. Use when working with entity identification (slug vs name), YAML config structure, entity relationships, deployment pipeline stages, or synchronization logic. Do NOT use for general TypeScript questions or non-Saleor e-commerce platforms. Use when this capability is needed.

2026-05-200

reviewing-typescript-code

tomevault-io/tomes

Reviews TypeScript code for project-specific quality patterns. Use when writing entities, services, repositories, comparators, formatters, bootstrap methods, deployment stages, diff support, or reviewing PRs with functional patterns. Do NOT use for general TypeScript tutorials or non-Configurator projects. Use when this capability is needed.

2026-05-200

product-modeling

tomevault-io/tomes

Product type design, attribute selection, and variant planning for Saleor. Use whenever user mentions products, variants, SKUs, attributes, catalogs, or product types. Not for YAML syntax (use configurator-schema) or CLI commands (use configurator-cli). Use when this capability is needed.

2026-05-200

managing-github-ci

tomevault-io/tomes

Configures GitHub Actions workflows and CI/CD pipelines. Use when creating workflow YAML, managing npm releases, troubleshooting CI failures, configuring Husky hooks, or setting up release automation. Do NOT use for local development commands or application code.

2026-05-200

Source

tomevault-io

tomevault-io/tomes

View GitHub Repository View Creator Repositories

Install command

Download

Run Skill in Manus

Useful forSOC

Software DevelopersComputer and Mathematical Occupations15-1252L4

name	django-security
description	Django security best practices, authentication, authorization, CSRF protection, SQL injection prevention, XSS prevention, and secure deployment configurations. Use when this capability is needed.
metadata	{"author":"manikosto"}

Django Security Best Practices

Comprehensive security guidelines for Django applications.

When to Activate

Setting up Django authentication and authorization
Implementing user permissions and roles
Configuring production security settings
Reviewing Django application for security issues

Core Security Settings

# settings/production.py
DEBUG = False
ALLOWED_HOSTS = os.environ.get('ALLOWED_HOSTS', '').split(',')

SECURE_SSL_REDIRECT = True
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SECURE_HSTS_SECONDS = 31536000
SECURE_HSTS_INCLUDE_SUBDOMAINS = True
SECURE_CONTENT_TYPE_NOSNIFF = True
X_FRAME_OPTIONS = 'DENY'

SESSION_COOKIE_HTTPONLY = True
CSRF_COOKIE_HTTPONLY = True

SECRET_KEY = os.environ.get('DJANGO_SECRET_KEY')
if not SECRET_KEY:
    raise ImproperlyConfigured('DJANGO_SECRET_KEY required')

PASSWORD_HASHERS = [
    'django.contrib.auth.hashers.Argon2PasswordHasher',
    'django.contrib.auth.hashers.PBKDF2PasswordHasher',
]

SQL Injection Prevention

# GOOD: Django ORM automatically escapes
User.objects.filter(email__iexact=email)

# GOOD: Parameterized raw queries
User.objects.raw('SELECT * FROM users WHERE username = %s', [query])

# BAD: Never interpolate user input
User.objects.raw(f'SELECT * FROM users WHERE username = {username}')

Custom Permissions (DRF)

class IsOwnerOrReadOnly(permissions.BasePermission):
    def has_object_permission(self, request, view, obj):
        if request.method in permissions.SAFE_METHODS:
            return True
        return obj.author == request.user

API Rate Limiting

REST_FRAMEWORK = {
    'DEFAULT_THROTTLE_CLASSES': [
        'rest_framework.throttling.AnonRateThrottle',
        'rest_framework.throttling.UserRateThrottle'
    ],
    'DEFAULT_THROTTLE_RATES': {
        'anon': '100/day',
        'user': '1000/day',
    }
}

Quick Security Checklist

Check	Description
`DEBUG = False`	Never in production
HTTPS only	Force SSL, secure cookies
Strong secrets	Environment variables for SECRET_KEY
CSRF protection	Enabled by default, don't disable
XSS prevention	Auto-escapes, don't use `
SQL injection	Use ORM, never concatenate strings
Rate limiting	Throttle API endpoints
Security headers	CSP, X-Frame-Options, HSTS

Converted and distributed by TomeVault — claim your Tome and manage your conversions.