Overview

This page documents all Django settings used in the Proyecto application. The settings module is located at proyecto/settings.py and controls application behavior, security, database connections, and more.
Security Critical: Several settings in this file are security-sensitive and must be properly configured for production deployments.

Security Settings

SECRET_KEY

SECRET_KEY
string
required
Django’s secret key used for cryptographic signing. This key is used for session management, password reset tokens, and other security features.
proyecto/settings.py
SECRET_KEY = 'django-insecure-w5+n*kz&-_fw)h@yrei%7ax@^7c(v5hhoed5wagon52#p8%7b-'
Production Warning: The default secret key shown above is for development only. You MUST generate a new secret key for production and keep it secret. Never commit production secret keys to version control.

DEBUG

DEBUG
boolean
required
Enables or disables debug mode. When True, Django displays detailed error pages with full traceback information.
DEBUG = True
Production Warning: DEBUG must be set to False in production. Leaving it True exposes sensitive configuration and code information to attackers.

ALLOWED_HOSTS

ALLOWED_HOSTS
list[string]
required
List of host/domain names that Django will serve. This is a security measure to prevent HTTP Host header attacks.
ALLOWED_HOSTS = ['192.168.100.102', '127.0.0.1']
In production, update this list to include your actual domain names and IP addresses. You can use ['*'] for development, but never in production.

Application Configuration

INSTALLED_APPS

INSTALLED_APPS
list[string]
required
List of all Django applications that are activated in this Django instance.
INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    'CTP',  # Main application module
]
The CTP app is the main application module containing:
  • Models for projects, tasks, and team members
  • Views for all CRUD operations
  • Forms for data input
  • Templates for UI rendering

MIDDLEWARE

MIDDLEWARE
list[string]
required
Middleware components that process requests and responses in order.
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
Key middleware components:
  • SecurityMiddleware: Provides several security enhancements
  • SessionMiddleware: Enables session support
  • CsrfViewMiddleware: Protects against Cross-Site Request Forgery attacks
  • AuthenticationMiddleware: Associates users with requests
  • XFrameOptionsMiddleware: Prevents clickjacking via X-Frame-Options header

ROOT_URLCONF

ROOT_URLCONF
string
required
Python path to the root URL configuration module.
ROOT_URLCONF = 'proyecto.urls'

Session Configuration

Age of session cookies in seconds. Controls how long users stay logged in.
SESSION_COOKIE_AGE = 300  # 5 minutes
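The project's default of 300 seconds (5 minutes) keeps sessions short-lived so that inactive users are logged out automatically. Django counts this age from the last time the session was saved, which by default happens only when session data changes; enable SESSION_SAVE_EVERY_REQUEST if the timeout should restart on every request. Adjust this value based on your security requirements.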

SESSION_EXPIRE_AT_BROWSER_CLOSE

SESSION_EXPIRE_AT_BROWSER_CLOSE
boolean
required
Whether to expire the session when the user closes their browser.
SESSION_EXPIRE_AT_BROWSER_CLOSE = True

Database Configuration

DATABASES

DATABASES
dict
required
Dictionary containing database connection settings. Proyecto uses PostgreSQL.
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql_psycopg2',
        'NAME': 'Proyecto',
        'USER': 'postgres',
        'PASSWORD': '1204',
        'HOST': 'localhost',
        'PORT': '5432',
        'ATOMIC_REQUESTS': True,
    }
}
Database Parameters:
ENGINE
string
Database backend to use. Set to django.db.backends.postgresql_psycopg2 for PostgreSQL.
NAME
string
Database name. Default is 'Proyecto'.
USER
string
Database user for authentication.
PASSWORD
string
Database password for authentication.
HOST
string
Database host. Use 'localhost' for local development.
PORT
string
Database port. PostgreSQL default is '5432'.
ATOMIC_REQUESTS
boolean
When True, wraps each view in a database transaction. This ensures data integrity by rolling back all database changes if any exception occurs.
Never hardcode database credentials in production. Use environment variables instead. See the Production Deployment guide for details.
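One way to follow the warnings above for SECRET_KEY, DEBUG, ALLOWED_HOSTS and the database credentials is to read them from the environment and refuse to start when a value is missing or unsafe. This is an added example, not Proyecto's own code: the PROYECTO_* variable names, the load_settings helper and the sample values are assumptions, and the exception class stands in for Django's ImproperlyConfigured so the block runs without Django installed.

```python
import os
import secrets

class ImproperlyConfigured(Exception):
    """Stand-in for django.core.exceptions.ImproperlyConfigured."""

def load_settings(env=os.environ):
    """Build the security-sensitive settings from env vars, failing closed."""
    def require(name):
        value = env.get(name, "").strip()
        if not value:
            raise ImproperlyConfigured(f"{name} is not set")
        return value

    secret_key = require("PROYECTO_SECRET_KEY")  # hypothetical variable name
    if secret_key.startswith("django-insecure-") or len(secret_key) < 50:
        raise ImproperlyConfigured("PROYECTO_SECRET_KEY is a development key or too short")

    hosts = [h.strip() for h in require("PROYECTO_ALLOWED_HOSTS").split(",") if h.strip()]
    if not hosts or "*" in hosts:
        raise ImproperlyConfigured("PROYECTO_ALLOWED_HOSTS must name explicit hosts")

    return {
        "SECRET_KEY": secret_key,
        "DEBUG": env.get("PROYECTO_DEBUG", "") == "1",  # off unless explicitly enabled
        "ALLOWED_HOSTS": hosts,
        "DATABASES": {"default": {
            "ENGINE": "django.db.backends.postgresql_psycopg2",  # as documented above
            "NAME": require("PROYECTO_DB_NAME"),
            "USER": require("PROYECTO_DB_USER"),
            "PASSWORD": require("PROYECTO_DB_PASSWORD"),
            "HOST": env.get("PROYECTO_DB_HOST", "localhost"),
            "PORT": env.get("PROYECTO_DB_PORT", "5432"),
            "ATOMIC_REQUESTS": True,
        }},
    }

# Constructed sample environment; every value is a placeholder.
SAMPLE_ENV = {
    "PROYECTO_SECRET_KEY": secrets.token_urlsafe(50),
    "PROYECTO_ALLOWED_HOSTS": "proyecto.example.com, 192.168.100.102",
    "PROYECTO_DB_NAME": "Proyecto",
    "PROYECTO_DB_USER": "proyecto_app",
    "PROYECTO_DB_PASSWORD": "constructed-placeholder-password",
}
```

In a real settings.py the returned values would be assigned to the module-level names (SECRET_KEY, DEBUG, ALLOWED_HOSTS, DATABASES).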

Templates Configuration

TEMPLATES

TEMPLATES
list[dict]
required
Template engine configuration. Proyecto uses Django’s built-in template engine.
TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': [os.path.join(BASE_DIR, 'templates')],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
]
  • DIRS: Additional directories to search for templates
  • APP_DIRS: Whether to look for templates in app directories
  • context_processors: Functions that add variables to template context

Authentication Settings

Password Validation

AUTH_PASSWORD_VALIDATORS
list[dict]
required
List of validators that check password strength and security.
AUTH_PASSWORD_VALIDATORS = [
    {'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator'},
    {'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator'},
    {'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator'},
    {'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator'},
]
These validators ensure:
  1. Password is not too similar to user attributes
  2. Password meets minimum length requirements
  3. Password is not a commonly used password
  4. Password is not entirely numeric

Login/Logout Redirects

LOGIN_REDIRECT_URL
string
URL to redirect to after successful login.
LOGOUT_REDIRECT_URL
string
URL to redirect to after logout.
LOGIN_REDIRECT_URL = '/'
LOGOUT_REDIRECT_URL = '/'

Static and Media Files

Static Files

STATIC_URL
string
required
URL prefix for static files (CSS, JavaScript, images).
STATICFILES_DIRS
tuple
required
Additional directories where Django looks for static files.
STATIC_URL = '/static/'
STATICFILES_DIRS = (
    BASE_DIR / 'static',
)

Media Files

MEDIA_URL
string
required
URL prefix for user-uploaded media files.
MEDIA_ROOT
Path
required
Filesystem path where uploaded media files are stored.
MEDIA_URL = '/media/'
MEDIA_ROOT = BASE_DIR / 'media'

Internationalization

Language and Timezone

LANGUAGE_CODE
string
required
Default language code for the application.
TIME_ZONE
string
required
Default timezone for the application.
LANGUAGE_CODE = 'en-us'
TIME_ZONE = 'UTC'
USE_I18N = True
USE_L10N = True
USE_TZ = True
  • USE_I18N: Enable Django’s translation system
  • USE_L10N: Enable localized formatting of data
  • USE_TZ: Enable timezone support

Other Settings

WSGI_APPLICATION

WSGI_APPLICATION
string
required
Python path to the WSGI application object used by Django’s development server and WSGI deployments.
WSGI_APPLICATION = 'proyecto.wsgi.application'

DEFAULT_AUTO_FIELD

DEFAULT_AUTO_FIELD
string
required
Default primary key field type for models that don’t specify one.
DEFAULT_AUTO_FIELD = 'django.db.models.BigAutoField'

Production Configuration Checklist

When deploying to production, review and update these settings:

Security Settings

  • Set DEBUG = False
  • Generate new SECRET_KEY
  • Update ALLOWED_HOSTS
  • Use HTTPS

Database

  • Use environment variables
  • Set up connection pooling
  • Configure backups
  • Use strong passwords

Static Files

  • Run collectstatic
  • Configure web server
  • Enable compression
  • Set up CDN (optional)

Sessions & Security

  • Adjust SESSION_COOKIE_AGE
  • Enable CSRF protection
  • Configure CORS if needed
  • Set security headers
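The checklist above can be turned into an automated check that runs before deployment. The following is an added example, not part of Proyecto: audit_settings is a hypothetical helper, the 12-character database password threshold is an assumption, and PAGE_SETTINGS copies the development values documented on this page into a plain dict.

```python
HTTPS_FLAGS = ("SECURE_SSL_REDIRECT", "SESSION_COOKIE_SECURE", "CSRF_COOKIE_SECURE")
CSRF_MW = "django.middleware.csrf.CsrfViewMiddleware"

def audit_settings(s):
    """Return (setting, problem) pairs for checklist items a settings dict fails."""
    findings = []
    if s.get("DEBUG", False):
        findings.append(("DEBUG", "must be False in production"))
    key = s.get("SECRET_KEY", "")
    if key.startswith("django-insecure-") or len(key) < 50:
        findings.append(("SECRET_KEY", "development key or shorter than 50 characters"))
    hosts = s.get("ALLOWED_HOSTS", [])
    if not hosts or "*" in hosts:
        findings.append(("ALLOWED_HOSTS", "must list explicit hosts"))
    for flag in HTTPS_FLAGS:  # "Use HTTPS": Django leaves all three False by default
        if not s.get(flag, False):
            findings.append((flag, "should be True once the site is HTTPS-only"))
    if CSRF_MW not in s.get("MIDDLEWARE", []):
        findings.append(("MIDDLEWARE", "CsrfViewMiddleware is missing"))
    password = s.get("DATABASES", {}).get("default", {}).get("PASSWORD", "")
    if len(password) < 12 or password.isdigit():  # threshold is an assumption
        findings.append(("DATABASES.default.PASSWORD", "short or all-numeric"))
    return findings

# The development values documented on this page, copied into a plain dict.
PAGE_SETTINGS = {
    "DEBUG": True,
    "SECRET_KEY": "django-insecure-w5+n*kz&-_fw)h@yrei%7ax@^7c(v5hhoed5wagon52#p8%7b-",
    "ALLOWED_HOSTS": ["192.168.100.102", "127.0.0.1"],
    "MIDDLEWARE": ["django.middleware.security.SecurityMiddleware", CSRF_MW],
    "DATABASES": {"default": {"USER": "postgres", "PASSWORD": "1204"}},
}

if __name__ == "__main__":
    for setting, problem in audit_settings(PAGE_SETTINGS):
        print(f"{setting}: {problem}")
```

Django's built-in python manage.py check --deploy performs related checks against the live settings module.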
