author Tim Graham <timograham@gmail.com> 2013-05-22 21:12:55 -0400
committer Tim Graham <timograham@gmail.com> 2013-05-23 08:16:03 -0400
commit 8aca2504df9d7d3c1244d1632f6cad45afa60115 (patch)
tree adbc1731a169e3d6e786e84520af96ad43fad115 /docs/howto
parent b664cb818d2e5896df2763299ea2c61a9af069a8 (diff)
Fixed #20080 - Recommended use of PYTHONHASHSEED
Thanks jacob for the suggestion and ryankask for the patch.
Diffstat (limited to 'docs/howto')
-rw-r--r-- docs/howto/deployment/checklist.txt 15
1 files changed, 15 insertions, 0 deletions
diff --git a/docs/howto/deployment/checklist.txt b/docs/howto/deployment/checklist.txt
index b72be75497..4498c78e3f 100644
--- a/docs/howto/deployment/checklist.txt
+++ b/docs/howto/deployment/checklist.txt
@@ -212,3 +212,18 @@ Miscellaneous
--------------------------------
This setting is required if you're using the :ttag:`ssi` template tag.
+
+Python Options
+==============
+
+If you're using Python 2.6.8+, it's strongly recommended that you invoke the
+Python process running your Django application using the `-R`_ option or with
+the :envvar:`PYTHONHASHSEED` environment variable set to ``random``.
+
+These options help protect your site from denial-of-service (DoS)
+attacks triggered by carefully crafted inputs. Such an attack can
+drastically increase CPU usage by causing worst-case performance when
+creating ``dict`` instances. See `oCERT advisory #2011-003
+<http://www.ocert.org/advisories/ocert-2011-003.html>`_ for more information.
+
+.. _-r: http://docs.python.org/2.7/using/cmdline.html#cmdoption-R
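Review bot: The version floor "Python 2.6.8+" in the first added paragraph is ambiguous across release series. The `-R`_ target points at the 2.7 command-line docs, yet a reader on a 2.7.x or 3.x interpreter cannot tell from "2.6.8+" which point release of their own series first accepts the option. Suggest naming the minimum release per supported series, or wording it as "a Python release that supports ``-R``". Two smaller points: the reference is written `-R`_ while its target is declared as ``.. _-r:``, which resolves only because reStructuredText reference names are case-insensitive, so matching the case would read better; and the paragraph tells the reader to set :envvar:`PYTHONHASHSEED` to ``random`` without saying that it must be in the environment of the process that launches the application server, which a one-line example would make clear.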