Re: Attach a technincal html response to email on server error

[Adam Jenkins]

With email you can send and html email and text email in the same
email. You are basically sending and html "alternative" email and part
of a multi-part email.

That would be the best bet.

On Thu, Nov 10, 2011 at 3:03 PM, Ric  wrote:
> hi, i receive django email on 500 error.
>
> with that kind of mail is difficult to debug, because i don't have a
> lot of informations.
>
> it's much more simple to debug when i set DEBUG = True and i receive
> an html technical response.
> with that response i can read a lot of informations (like vars,
> request information, server settings and so on)
>
> my idea is to attach an html file, that is the very same response you
> got on error with DEBUG = True.
>
> this response has got no external dependencies (css and js are inline
> in the html), so it can be attached as a file in the email that is
> sended on server error.
>
> this is very simple to archieve, and developers can open it with the
> browser and see a lot of information.
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Django developers" group.
> To post to this group, send email to django-developers@googlegroups.com.
> To unsubscribe from this group, send email to 
> django-developers+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/django-developers?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com.
To unsubscribe from this group, send email to 
django-developers+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en.

Re: please reopen ticket 15567

[Adam Jenkins]

On Tue, Sep 13, 2011 at 12:42 PM, Wim Feijen  wrote:
> Hi, thanks for your quick responses!
>
> Flavio, Jan and Florian, it only "gives away information" when an
> attacker guesses both the username and the password right.

I think this is the correct approach. Give them the access warning on
correct login. It also seems to be the standard way to doing such
things in my experience.

>
> But if he can guess those right, he could already access the users
> information using the normal login! So giving this message does not
> change the danger. On the other hand, it would prevent lots of
> confusion.

We really shouldn't be confusing the end user. It's just bad design to do so.

>
> But we are repeating arguments here, so could you please read:
>
> http://groups.google.com/group/django-developers/browse_thread/thread/df19241a0b1a04ef
>
> before responding?
>
> Thanks!
>
> Wim
>
>
> On 13 sep, 19:23, Flávio Amieiro  wrote:
>> On Tue, Sep 13, 2011 at 2:16 PM, Cal Leeming [Simplicity Media Ltd]
>>
>>  wrote:
>> > +1, if the user/pass is entered, that user is entitled so know what its own
>> > permissions are.
>> > The error should give "You have insufficient access to this page" or
>> > something like that.
>>
>> The thing is: if someone does a brute force attack on '/admin/' and
>> gets this message back, they know there's a user with that
>> login/password in the system. Since brute force attacks using common
>> login/password pairs in this kinds of urls is so common, I think this
>> exposes your user more than necessary.
>>
>> -1
>
> --
> You received this message because you are subscribed to the Google Groups 
> "Django developers" group.
> To post to this group, send email to django-developers@googlegroups.com.
> To unsubscribe from this group, send email to 
> django-developers+unsubscr...@googlegroups.com.
> For more options, visit this group at 
> http://groups.google.com/group/django-developers?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com.
To unsubscribe from this group, send email to 
django-developers+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en.

Re: please reopen ticket 15567

[Adam Jenkins]

+1 on making the error say more than incorrect username/password. That
is confusing. In regards to leaking information about the user. The
error message in general could be changed to something like this, of
course with better wording:

"Username and password incorrect or access to this page restricted".

The current status is that we are telling the user something this is
incorrect. I've actually run into this situation before where I had a
user reset their password a few times before coming to me.

On Tue, Sep 13, 2011 at 12:18 PM, Jan Schotsmans  wrote:
> I can imagine several situation where you would like the user not to know
> that, until they talk to an administrator.
> -1 for me too, both giving away user info and giving info to the user that
> would be better given by a talk to an administrator.
>
> 2011/9/13 Cal Leeming [Simplicity Media Ltd]
> 
>>
>> +1, if the user/pass is entered, that user is entitled so know what its
>> own permissions are.
>> The error should give "You have insufficient access to this page" or
>> something like that.
>> Cal
>>
>> On Tue, Sep 13, 2011 at 6:12 PM, Florian Apolloner 
>> wrote:
>>>
>>> -1, This would leak information about the users (But I am sure that's
>>> discussed at length in the other threads)
>>>
>>> --
>>> You received this message because you are subscribed to the Google Groups
>>> "Django developers" group.
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msg/django-developers/-/5iy7pazGNGkJ.
>>> To post to this group, send email to django-developers@googlegroups.com.
>>> To unsubscribe from this group, send email to
>>> django-developers+unsubscr...@googlegroups.com.
>>> For more options, visit this group at
>>> http://groups.google.com/group/django-developers?hl=en.
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django developers" group.
>> To post to this group, send email to django-developers@googlegroups.com.
>> To unsubscribe from this group, send email to
>> django-developers+unsubscr...@googlegroups.com.
>> For more options, visit this group at
>> http://groups.google.com/group/django-developers?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers" group.
> To post to this group, send email to django-developers@googlegroups.com.
> To unsubscribe from this group, send email to
> django-developers+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/django-developers?hl=en.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com.
To unsubscribe from this group, send email to 
django-developers+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en.

Re: PHP-inspired user-friendly in-browser DJango install

[Adam Jenkins]

On Tue, Sep 13, 2011 at 10:00 AM, h3  wrote:
> Most of them were competent developers, but they didn't see the point
> of learning a how to get started with Django because it seemed too
> complicated to setup and use for starters. So they preferred to stay
> in their comfort zone: PHP.

One option a third part could put time into to solve this issue is a
prebuilt machine. A wrapped up, distributable vagrant install. That
could easily take 90% of the complexity away.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com.
To unsubscribe from this group, send email to 
django-developers+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en.

Re: Posting to the wrong list (was: Re: Need Django Developer urgent)

[Adam Jenkins]

On Fri, May 8, 2009 at 9:42 AM, Marcello Bontempo Salgueiro
 wrote:
> Don´t make a core list, put inside the dajngo site
> a new applet for register jobs, like have in the python.org[1]!!

djangogigs.com

On the point of name. I think using the word "contributer(s)" is the
best way to remove confusion. The word developer is too vague when
discussing a framework.

> Its simple and best for all! ;)
> hugs,
>
> Marcello Bontempo Salgueiro
>
> [1] http://python.org/community/jobs/
>
>
>
> - Original Message -
> From: "Dave Smith" 
> To: django-developers@googlegroups.com
> Subject: Re: Posting to the wrong list (was: Re: Need Django Developer
> urgent)
> Date: Fri, 8 May 2009 07:26:01 -0700
>
> On Fri, May 8, 2009 at 4:49 AM, Ned Batchelder 
> wrote:
>>
>> Add the word "core" to make the first sentence, "Discussion group for
>> Django core developers".
>
> Good idea, but I'd take it step farther. "Core" is just ambiguous enough
> outside the bubble that some people will still stop reading at the first
> sentence, satisfied that they've found the list they're looking for.
>
> How about:
>
>   "You're found the wrong list. You're probably looking for django-users
> unless you're interested in the development of the Django framework itself."
>
> Dave
>
>
>
>
>
>
> >
>

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to 
django-developers+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---

Re: The Django Book, and outdated information

[Adam Jenkins]

On Sat, Dec 6, 2008 at 11:54 AM, David Zhou <[EMAIL PROTECTED]> wrote:

>
> On Sat, Dec 6, 2008 at 10:02 AM, Ludvig Ericson
> <[EMAIL PROTECTED]> wrote:
> >
> > On Dec 6, 2008, at 09:07, David Zhou wrote:
> >> Is it possible to reword the introduction on the Django Book website
> >> (http://www.djangobook.com/) or perhaps somehow update it?
> >
> > I fail to see what this has to do with the development of Django.
>
> Documentation has been considered in the past to be part of Django
> development -- and I think the Django Book, with capital letters,
> written by two of the core team is pretty close to documentation.
>

I know this isn't much of a content rich message, but I agree.


>
> --
> ---
> David Zhou
> [EMAIL PROTECTED]
>
> >
>

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en
-~--~~~~--~~--~--~---