Re: Call for feedback: django.utils.signed and signed cookies

Mon, 21 Dec 2009 16:53:28 -0800 

There's a small bug in b64_decode(), the padding should be
        r = len(s) % 4
        pad = '=' * (r and 4 - r or 0)

I'd like some more kwargs to Signer and TimestampSigner. Mostly what's  
in http://dpaste.com/136418/ (except the `separator` kwarg, which was  
a bad idea as it depends on encode()): Signer(serializer=...) and  
TimestampSigner(ttl=...).
__
Johannes

Am 21.12.2009 um 12:43 schrieb Simon Willison:

> I've uploaded the patch for adding signing and signed cookies to
> Django:
>
> http://code.djangoproject.com/attachment/ticket/12417/ticket12417.diff
>
> You can also read the documentation directly on my GitHub branch:
>
> http://github.com/simonw/django/blob/signed/docs/topics/signing.txt
> http://github.com/simonw/django/blob/signed/docs/ref/request-response.txt#L224
> http://github.com/simonw/django/blob/signed/docs/ref/request-response.txt#L561
>
> Most of the code lives in django.utils.signed (the low-level signing
> API) but I've also added a get_signed_cookie() method to HttpRequest
> and a corresponding set_signed_cookie() method to HttpResponse:
>
> http://github.com/simonw/django/blob/signed/django/http/ 
> __init__.py#L84
> http://github.com/simonw/django/blob/signed/django/http/__init__.py#L406
> http://github.com/simonw/django/blob/signed/django/utils/signed.py
>
> The code has documentation and unit tests. The documentation isn't
> 100% complete - I need to improve the explanation of what signing is
> and why it is useful and document the new COOKIE_SIGNER_BACKEND
> setting which allows users to swap in their own cookie signing
> behaviour should they need to.
>
> Most importantly though, the implementation has not yet been peer
> reviewed by real cryptographers. With that in mind, would it be
> appropriate to check this in before the 1.2 freeze? We would certainly
> get the code reviewed before the final 1.2 release.
>
> Cheers,
>
> Simon
>
> --
>
> You received this message because you are subscribed to the Google  
> Groups "Django developers" group.
> To post to this group, send email to django-developers@googlegroups.com 
> .
> To unsubscribe from this group, send email to 
> django-developers+unsubscr...@googlegroups.com 
> .
> For more options, visit this group at 
> http://groups.google.com/group/django-developers?hl=en 
> .
>
>


--

You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-develop...@googlegroups.com.
To unsubscribe from this group, send email to 
django-developers+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en.

Reply via email to