On 08/28/2014 12:45 AM, Yo-Yo Ma wrote: > +1 on basically adding the functionality of checksecure to the default > validation. > > -1 to adding the middleware.
This doesn't make sense to me. Half the checks that checksecure performs are related to whether you've turned on functionality from the middleware. If you don't have the middleware, then you can't add those checks either; how can you add a check for "do you have this setting set which doesn't do anything?" I do have some questions about how to "group" middleware; i.e. does it make sense to have a single SecurityMiddleware (like that in django-secure) that does a bunch of different things depending on settings toggles? Or separate middleware for each individual feature, following the lead of XFrameOptionsMiddleware (a django-secure feature which has already been independently added to Django)? Or going the other direction, just forget SecurityMiddleware and add all the various togglable bits of functionality to CommonMiddleware? I don't have a clear idea what the best approach is here, just raising it as a question. Thanks Tim for taking on this project! Carl -- You received this message because you are subscribed to the Google Groups "Django developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/django-developers. To view this discussion on the web visit https://groups.google.com/d/msgid/django-developers/53FFADFD.4040609%40oddbird.net. For more options, visit https://groups.google.com/d/optout.
