I've uploaded the patch for adding signing and signed cookies to Django: http://code.djangoproject.com/attachment/ticket/12417/ticket12417.diff
You can also read the documentation directly on my GitHub branch: http://github.com/simonw/django/blob/signed/docs/topics/signing.txt http://github.com/simonw/django/blob/signed/docs/ref/request-response.txt#L224 http://github.com/simonw/django/blob/signed/docs/ref/request-response.txt#L561 Most of the code lives in django.utils.signed (the low-level signing API) but I've also added a get_signed_cookie() method to HttpRequest and a corresponding set_signed_cookie() method to HttpResponse: http://github.com/simonw/django/blob/signed/django/http/__init__.py#L84 http://github.com/simonw/django/blob/signed/django/http/__init__.py#L406 http://github.com/simonw/django/blob/signed/django/utils/signed.py The code has documentation and unit tests. The documentation isn't 100% complete - I need to improve the explanation of what signing is and why it is useful and document the new COOKIE_SIGNER_BACKEND setting which allows users to swap in their own cookie signing behaviour should they need to. Most importantly though, the implementation has not yet been peer reviewed by real cryptographers. With that in mind, would it be appropriate to check this in before the 1.2 freeze? We would certainly get the code reviewed before the final 1.2 release. Cheers, Simon -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-develop...@googlegroups.com. To unsubscribe from this group, send email to django-developers+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
