On 4 August 2014 17:47, Florian Apolloner <[email protected]> wrote:
> (eg credit card data could still get leaked, so you'd still have to
> disable gzip).

This patch is entirely about preventing leakage of the CSRF token specifically; as I understand it (again, disclaimer) it should do that pretty effectively, but of course it will do nothing at all to stop leakage of any other data.

> What is wrong with xor+base64? Not that Vigenère cipher is complex, but we
> have a pretty hard stance against implementing "crypto" on our own.

Nothing, really; that's probably what I would have used had FunkyBob not suggested the Vigenère cipher. That's a perfectly reasonable stance, and I can change the patch to do that if it's preferable.
