Saturday, 15 March 2014

How can I secure a Django site?

I have a working Django site, up and live, working fine. It uses Django's contrib.auth for authentication. It's hosted on Heroku. I want to set up a clone of the site for demo purposes, and add a layer of security around the site, a simple password protection. It doesn't have to be bulletproof or unhackable; plenty to set 'muggles' off trying.

This authorisation layer should not in any way interfere with the site auth itself. It's an outer ring (check once, store access rights in the session). Because the site is hosted on Heroku it cannot be done at the web server level; it has to be part of the app itself.

My nuclear alternative is to create a Django app (working title 'perimeter') to enforce this, but if anyone knows of a way to do this, I'd be grateful.

Core features would include:

- some mechanism for generating short tokens (< 8 chars)
- some mechanism for logging tokens against an email address
- prompt users for a token / email combination on first access of the site
- unrestricted access to the site thereafter (the standard auth model kicks in at that point)

A typical user journey is:

1. Bob asks the site owner (me) for access to the demo site
2. I generate a token for Bob, and send it to him along with the site URL
3. Bob clicks on the link, gets redirected to a page to input email and token
4. If the token is valid (expires after x hours / days), store in the session, allow Bob in. If the token is not valid, 403 (/401).

(You may wonder why securing a re-creation of a public website makes sense. It's because the site is a members-only site, and on the demo version we 'auto-enroll' people so they can see what's within the site without having access to real data. However, I want to be able to track users on it.)

[Update: alternative]

A blunt alternative is to add the token to the URL I send Bob, ignore the email, and validate the token by itself. This would work as long as Bob uses the URL in the email.
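As an added illustration of the outer-ring design described in the question (this is not code from the question or from django-perimeter), here is the token registry and the once-per-session check in plain Python. The names PerimeterStore, check_access, the session key and the 7-day lifetime are assumptions; a Django middleware would wrap check_access and redirect on 401.

```python
import secrets
import string
import time

# Alphabet without look-alike characters (0/O, 1/I) so a token survives being typed from an email.
TOKEN_ALPHABET = "".join(c for c in string.ascii_uppercase + string.digits if c not in "0O1I")
TOKEN_LENGTH = 7                    # "< 8 chars", as the question asks
TOKEN_LIFETIME_SECONDS = 7 * 86400  # assumed expiry window ("x hours / days")
SESSION_KEY = "perimeter_ok"        # assumed session key for the cached grant


class PerimeterStore:
    """In-memory registry: token -> (email, expiry epoch seconds). A real app would use a model."""

    def __init__(self):
        self._tokens = {}

    def create_token(self, email, now=None):
        now = time.time() if now is None else now
        token = "".join(secrets.choice(TOKEN_ALPHABET) for _ in range(TOKEN_LENGTH))
        self._tokens[token] = (email.strip().lower(), now + TOKEN_LIFETIME_SECONDS)
        return token

    def is_valid(self, email, token, now=None):
        now = time.time() if now is None else now
        entry = self._tokens.get(token)
        if entry is None:
            return False
        stored_email, expires_at = entry
        # Email is compared in constant time; the token is the registry key, so unknown tokens
        # simply miss. Expiry is checked against the supplied clock so it can be unit tested.
        same_email = secrets.compare_digest(stored_email.encode(), email.strip().lower().encode())
        return same_email and now < expires_at


def check_access(store, session, email=None, token=None, now=None):
    """
    The check the outer-ring middleware would run on every request.
    Returns an HTTP status: 200 let through, 401 no credentials yet (prompt for them),
    403 wrong or expired token. After one successful validation the grant is cached in the
    session, so later requests never touch the token store again (check once, store in session).
    """
    if session.get(SESSION_KEY):
        return 200
    if email is None or token is None:
        return 401
    if store.is_valid(email, token, now):
        session[SESSION_KEY] = True
        return 200
    return 403
```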

I have created my own solution - meet django-perimeter.

This app isn't packaged (yet) so you'll need to clone the source and add it manually to your own Django site to make it work. It provides the ability to generate access tokens, and to secure access to the site (the entire site, not parts of it) using the tokens.

[Update]

This is available via PyPI - http://pypi.python.org/pypi/django-perimeter

You can install it using pip install django-perimeter

django
