Dashboard
The Dashboard (horizon) is the OpenStack dashboard that provides users a self-service portal to provision their own resources within the limits set by administrators. These include provisioning users, defining instance flavors, uploading virtual machine (VM) images, managing networks, setting up security groups, starting instances, and accessing the instances through a console.
The Dashboard is based on the Django web framework, so secure deployment practices for Django apply directly to horizon. This guide provides a set of Django security recommendations. Further information can be found by reading the Django documentation.
The Dashboard ships with default security settings, and has deployment and configuration documentation.
- Domain names, dashboard upgrades, and basic web server configuration
- HTTPS, HSTS, XSS, and SSRF
- Front-end caching and session back end
- Static media
- Passwords
- Secret key
- Cookies
- Cross Origin Resource Sharing (CORS)
- Debug
- Checklist
- Check-Dashboard-01: Is user/group of config files set to root/horizon?
- Check-Dashboard-02: Are strict permissions set for horizon configuration files?
- Check-Dashboard-03: Is `DISALLOW_IFRAME_EMBED` parameter set to `True`?
- Check-Dashboard-04: Is `CSRF_COOKIE_SECURE` parameter set to `True`?
- Check-Dashboard-05: Is `SESSION_COOKIE_SECURE` parameter set to `True`?
- Check-Dashboard-06: Is `SESSION_COOKIE_HTTPONLY` parameter set to `True`?
- Check-Dashboard-07: Is `PASSWORD_AUTOCOMPLETE` set to `False`?
- Check-Dashboard-08: Is `DISABLE_PASSWORD_REVEAL` set to `True`?
- Check-Dashboard-09: Is `ENFORCE_PASSWORD_CHECK` set to `True`?
- Check-Dashboard-10: Is `PASSWORD_VALIDATOR` configured?
- Check-Dashboard-11: Is `SECURE_PROXY_SSL_HEADER` configured?