My first ever Django web app

Hi,

I’m a Django noob. I created my first web app, which is kind of a library of fishing-related articles.

Django is a very interesting tool. However it takes some time to figure out how to use it.

6 Likes

It looks really nice. Well done :muscle:

1 Like

For a noob, it looks very nice, good job :+1:

1 Like

Thanks. I’m new to Django but I was building sites with php before.

Not bad, but you sure can do much better.

I too came from PHP, and the reason why I love Django is because it is like PHP but much, much, much better and more secure.

I developed my app which I host at home locally purely with Django full stack.

Nicely done! The Security Nerd in me shuddered when I saw the /admin page exposed :cold_face:

You mean I should change admin panel url? Or you mean you can enter the admin panel?!

In general, yes, this is something you’d want to do on a publicly-visible site. There’s no requirement that you use the following for your admin app:
path("admin/", admin.site.urls),

You can replace the “admin/” with just about anything else that’s not going to create a conflict with any other urls.
(I would suggest something that provides no information or suggestion that it might even be an admin-type section.)

“Security by obscurity” doesn’t make it secure against a targeted attack, but it does discourage or avoid the people running scripts against random DNS names or IP addresses trying to find any site with an open vulnerability.

2 Likes

My admin is at “myadmin/”.
Is that too simple a change or is any change sufficient?

Any change is going to be good. Overall, it’s less an issue of the “simplicity” of the change than it is the possibility that there’s some other public package exposing that as a url with a potential vulnerability.
For example, I would never set it to “phpmyadmin”, because there is another well-known package using that base url name, and it attracts a lot of attention by itself, so it’s a url that is going to be tested by most scripts.

In the ideal world, you would be monitoring your logs for all the URLs being requested that result in a 404. Those are the ones you want to avoid.

Any packages designed to help with that specific idea?

There are some, like logstash. Our current needs (my current employer and my personal needs) are much more limited and targeted though, and so we haven’t gone that far (yet - this situation may change this year). I’ve also worked with Splunk in the past for this type of application.

But you really don’t need to go that far, depending upon what the information is that you’re trying to acquire. You can go a long way with standard unix-style tools like (g)awk, grep, sed, and sort.
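
The 404 tally suggested in the reply above, done with awk and sort alone (an added example, not part of the original thread). It assumes the web server in front of Django writes the nginx/Apache "combined" access-log format; the sample lines and the names `sample_log`, `probed_prefixes` and `prefix_is_quiet` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in combined log format (documentation IP ranges, not real traffic).
sample_log() {
cat <<'EOF'
203.0.113.5 - - [10/Jan/2024:10:00:01 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 153 "-" "-"
203.0.113.5 - - [10/Jan/2024:10:00:02 +0000] "GET /phpMyAdmin/ HTTP/1.1" 404 153 "-" "-"
198.51.100.7 - - [10/Jan/2024:10:03:10 +0000] "GET /phpmyadmin/setup.php?x=1 HTTP/1.1" 404 153 "-" "-"
198.51.100.7 - - [10/Jan/2024:10:03:11 +0000] "GET /admin/ HTTP/1.1" 404 153 "-" "-"
198.51.100.7 - - [10/Jan/2024:10:03:12 +0000] "GET /admin/login/?next=/admin/ HTTP/1.1" 404 153 "-" "-"
192.0.2.10 - - [10/Jan/2024:10:05:00 +0000] "GET /washington/winter-steelhead-fishing-in-washington HTTP/1.1" 200 5120 "-" "-"
192.0.2.10 - - [10/Jan/2024:10:05:30 +0000] "GET /old-article HTTP/1.1" 404 153 "-" "-"
EOF
}

# Read an access log on stdin and print "count prefix" for the first path
# segment of every request answered with 404, most requested first.
# Field positions ($7 = path, $9 = status) hold for well-formed request
# lines; requests containing stray spaces would need stricter parsing.
probed_prefixes() {
  awk '$9 == 404 {
         path = $7
         sub(/\?.*/, "", path)          # drop the query string
         split(path, seg, "/")          # seg[2] is the first path segment
         count[tolower(seg[2])]++       # fold case so variants group together
       }
       END { for (p in count) print count[p], p }' |
  LC_ALL=C sort -k1,1nr -k2,2
}

# Read an access log on stdin; succeed only if the candidate URL prefix
# (lower-case, no slashes) never shows up among the 404 probes.
prefix_is_quiet() {
  probed_prefixes |
  awk -v want="$1" '$2 == want { hit = 1 } END { exit (hit ? 1 : 0) }'
}

# Demo run on the constructed sample.
sample_log | probed_prefixes
for candidate in phpmyadmin myadmin; do
  if sample_log | prefix_is_quiet "$candidate"; then
    echo "$candidate: not probed in this log"
  else
    echo "$candidate: already being probed, pick something else"
  fi
done
```

On a real server, replace `sample_log |` with the access log file on stdin, for example `probed_prefixes < access.log`.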

It looks really nice for a first web app. Congratulations!

Could you spare some time to show me how to make Django create a full URL pattern for a post, such as: https://www.fishingbook.net/**washington**/winter-steelhead-fishing-in-washington?

That means:

  • 1st part: Domain name.
  • 2nd part: Category / Parent class / Foreign Key class.
  • 3rd part: Specific page URL.

E.g.:
urlpatterns = [
    path('<slug:book_slug>/<slug:chapter_slug>/', views.ChapterContentView.as_view(), name='chapter-content'),
]

I’ve been stuck at this for a few days.

1 Like

a very nice web app, go for it.

1 Like

This is actually a nice job.