Shynet is a Django-based privacy-first analytics platform. Hardening should prioritize Django security settings, admin access control, and secure DB deployment.
- Set a strong SECRET_KEY and keep it out of source control.
- Configure ALLOWED_HOSTS explicitly.
- Enable secure proxy/TLS settings (SECURE_SSL_REDIRECT, secure cookies).
- Run with DEBUG=False in production.
2) Restrict admin and API access
- Protect the admin panel with strong credentials and optional SSO.
- Limit admin endpoint access by IP/VPN when possible.
- Disable open registration if the instance is for private analytics only.
- Rotate API tokens and remove stale users.
3) Harden backend and data handling
- Keep PostgreSQL private and authenticated.
- Restrict Redis (if used) to local/private network.
- Apply retention limits for event data.
- Encrypt backups containing analytics data.
Verification commands
grep -E 'SECRET_KEY|ALLOWED_HOSTS|DEBUG|SECURE_' /opt/shynet/.env
sudo ss -tulpn | grep -E ':8000|:443|:5432|:6379'
docker compose -f /opt/shynet/docker-compose.yml logs --tail=200 | grep -Ei 'forbidden|csrf|auth'
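The grep command above only prints the settings; the following added example (not part of Shynet or of this page's original commands) evaluates them against the checklist. It assumes the settings are read from the .env file under the names the grep pattern matches, and the secret-key thresholds mirror Django's security.W009 deployment check.

```python
# Added example, not Shynet code. Assumes the checklist's settings are read from
# the .env file under the names the grep pattern above matches.
TRUTHY = {"1", "true", "yes", "on"}

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and comments, stripping quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        env[key.strip()] = value.strip().strip("'\"")
    return env

def weak_secret(value):
    """Same thresholds as Django's security.W009 deployment check."""
    return (len(value) < 50 or len(set(value)) < 5
            or value.startswith("django-insecure-"))

def audit_env(text):
    """Return findings as strings; values are never echoed, so secrets stay out of logs."""
    env = parse_env(text)
    findings = []
    # Accept a prefixed name too (any key ending in SECRET_KEY), like the grep does.
    secrets = [v for k, v in env.items() if k.endswith("SECRET_KEY")]
    if not secrets or any(weak_secret(v) for v in secrets):
        findings.append("SECRET_KEY missing or weak")
    hosts = [h.strip() for h in env.get("ALLOWED_HOSTS", "").split(",") if h.strip()]
    if not hosts or "*" in hosts:
        findings.append("ALLOWED_HOSTS empty or wildcard")
    if env.get("DEBUG", "false").lower() in TRUTHY:
        findings.append("DEBUG enabled")
    if env.get("SECURE_SSL_REDIRECT", "false").lower() not in TRUTHY:
        findings.append("SECURE_SSL_REDIRECT not enabled")
    return findings

# Constructed sample inputs, not taken from a real deployment.
WEAK_ENV = "SECRET_KEY=changeme\nALLOWED_HOSTS=*\nDEBUG=True\n"
HARDENED_ENV = (
    "SECRET_KEY='constructed-example-key-0123456789abcdefghijklmnopqrstuvwxyz'\n"
    "ALLOWED_HOSTS=analytics.example.org\n"
    "DEBUG=False\n"
    "SECURE_SSL_REDIRECT=True\n"
)

if __name__ == "__main__":
    for name, sample in (("weak", WEAK_ENV), ("hardened", HARDENED_ENV)):
        print(name, audit_env(sample) or "no findings")
```

To audit a live deployment, pass the contents of /opt/shynet/.env to audit_env() and treat a non-empty result as a failed check.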
- Shynet repository/docs: https://github.com/milesmcc/shynet
- Django deployment checklist: https://docs.djangoproject.com/en/stable/howto/deployment/checklist/