Security¶

Best Practices¶

1. Disable in Production¶

# settings.py
ORBIT = {
    'ENABLED': DEBUG,  # Only enable when DEBUG=True
}

2. Restrict Access¶

Orbit v0.3.0+ includes built-in support for access control via configuration.

# settings.py
ORBIT_CONFIG = {
    'ENABLED': True,
    'AUTH_CHECK': lambda request: request.user.is_staff,
    # Or strict superuser check:
    # 'AUTH_CHECK': lambda request: request.user.is_superuser, 
}

This is safer and easier than wrapping URLs manually.

3. Sensitive Data¶

Be careful with sensitive data in: - Request headers (authentication tokens) - Request bodies (passwords, PII) - SQL queries (personal data)

Reporting Security Issues¶

If you discover a security vulnerability, please email us directly instead of opening a public issue.

Stay secure! 🔒