Dashboard¶
The Dashboard (horizon) is the OpenStack dashboard that provides users a self-service portal to provision their own resources within the limits set by administrators. These include provisioning users, defining instance flavors, uploading virtual machine (VM) images, managing networks, setting up security groups, starting instances, and accessing the instances through a console.
The Dashboard is based on the Django web framework, ensuring secure deployment practices for Django apply directly to horizon. This guide provides a set of Django security recommendations. Further information can be found by reading the Django documentation.
The Dashboard ships with default security settings, and has deployment and configuration documentation.
- Domain names, dashboard upgrades, and basic web server configuration
- HTTPS, HSTS, XSS, and SSRF
- Front-end caching and session back end
- Static media
- Passwords
- Secret key
- Cookies
- Cross Origin Resource Sharing (CORS)
- Debug
- Checklist
- Check-Dashboard-01: Is user/group of config files set to root/horizon?
- Check-Dashboard-02: Are strict permissions set for horizon configuration files?
- Check-Dashboard-03: Is
DISALLOW_IFRAME_EMBED
parameter set toTrue
? - Check-Dashboard-04: Is
CSRF_COOKIE_SECURE
parameter set toTrue
? - Check-Dashboard-05: Is
SESSION_COOKIE_SECURE
parameter set toTrue
? - Check-Dashboard-06: Is
SESSION_COOKIE_HTTPONLY
parameter set toTrue
? - Check-Dashboard-07: Is
PASSWORD_AUTOCOMPLETE
set toFalse
? - Check-Dashboard-08: Is
DISABLE_PASSWORD_REVEAL
set toTrue
? - Check-Dashboard-09: Is
ENFORCE_PASSWORD_CHECK
set toTrue
? - Check-Dashboard-10: Is
PASSWORD_VALIDATOR
configured? - Check-Dashboard-11: Is
SECURE_PROXY_SSL_HEADER
configured?