This list of resources is meant as a companion to the talk I gave at DjangoCon 2012, but it should stand on its own as a useful list for Django developers.
What are “best practices,” anyway? The internet loves to debate these things. For us, think of it as the collective team knowledge, condensed into things like docs; shared, reviewed libraries; application templates; code review standards; and user experience guidelines.
- Playdoh – Our application template.
- Funfactory – Core of our shared stuff, base settings.
- django-sha2 – HMAC+Bcrypt password storage.
- Bleach – HTML sanitizer and link-finder.
- django-session-csrf – Better CSRF for subdomains.
- django-ratelimit – Ratelimiting decorator.
- commonware – Some other useful middleware and monkeypatches.
- tower – Our wrapper around Babel.
- jingo – Our adapter to use Jinja2 templates, with some built-in filters.
- cef – Common Event Format logger for security events.
- django-csp – CSP header tool.
- CSRF – Django’s CSRF protection.
- X-Frame-Options – X-Frame-Options tools.
- Secure Sessions – Set session cookies for HTTPS only.