DEV Community

loading...

Django-Honeypot

ashrafZolkopli
Full stack dev to be, Using this platform to share and also document my 100 days coding challenge.
・1 min read

We made it so we can catch bad guys that try to access our Admin site, but not how about we make so that all of our site form able to catch the bad guy? Sound like a cool proposal right.

Usually, attacker will use a bot to try and crack our web app. One solution is to also include a honeypot everywhere there is a form. This will not deter all of the bot but adding that extra layer of security will not hurt right. Honestly, so far we made it so that we have incremental security measure in place.

I think this is where I should say that, in security terms, there is nothing that is truly secure but we need to just slowdown the attack as much as we can to the point it doesn't make any sense for the attacker to continue.

Installing django-honeypot

pipenv install django-honeypot
pipenv lock -r > requirements.txt
Enter fullscreen mode Exit fullscreen mode

Configuring django-honeypot

INSTALLED_APPS = [
    #...

    # django-honeypot
    'honeypot',
    #...
]
Enter fullscreen mode Exit fullscreen mode

if you want to activate the honeypot web app wide, the easiest way was to use a middleware provided by django-honeypot

MIDDLEWARE = [
    #...

    # Django-honeypot
    # https://pypi.org/project/django-honeypot/
    'honeypot.middleware.HoneypotMiddleware',

    #...
]
Enter fullscreen mode Exit fullscreen mode

lastly add this variable to your settings.py file

# Django-honeypot
# https://pypi.org/project/django-honeypot/
HONEYPOT_FIELD_NAME = "secret_key"
Enter fullscreen mode Exit fullscreen mode

End

As of right now I feel that we made our web app a bit safer. I'm not gonna say that our code is safe from any bot attack but at least the normal to medium type bot.

Discussion (0)