Security¶
client-direct
makes use of built-in security measures of Django, in terms of accounts, logging-in and Cross site scripting,
SQL injection, and Clickjacking protections.
It is important that client-direct
is provided with a strong secret key that is kept private. This can be done using the
DJANGO_SECRET_KEY environment variable see Running cardiacmodelling/ap-nimbus-client-direct.
Note
The docker component is not set-up to use https. Therefore it is strongly recommended that a webserver such
as apache or nginx using https is used to proxy external requests to the client-direct
component.
Due to the lack of security features it is NOT recommended to expose the app-manager
over the internet.