Re: Porting _django_bash_completion to Windows Powershell

On Mar 17, 2010, at 3:35 PM, guillermooo wrote: > autocomplete() is executed always, regardless whether the user has > requested completions or not. The only early exit point of > autocomplete() is reached if DJANGO_AUTO_COMPLETE is false. Otherwise, > sys.exit(1) returns to the console. How is

Re: Regarding httponly cookies

On wo, 2010-03-17 at 11:10 -0700, Yuchen Zhou wrote: > So does this ticket mean django now supports httponly cookies? And is > it by default httponly? > Or the application administrator has to turn it on? The discussion on http://code.djangoproject.com/ticket/3304 indicates that neither python

Re: Regarding httponly cookies

Hi, Thanks for your response! So does this ticket mean django now supports httponly cookies? And is it by default httponly? Or the application administrator has to turn it on? Best, On Mar 17, 11:49 am, Tom Evans wrote: > On Wed, Mar 17, 2010 at 3:42 PM, Yuchen Zhou

Re: Regarding httponly cookies

On Wed, Mar 17, 2010 at 3:42 PM, Yuchen Zhou wrote: > Hi, > > I'm a security researcher at the University of Virginia I have been > looking into the use and adoption of http-only cookies. My advisor is > professor David Evans. > > We were surprised to discover that Django

Regarding httponly cookies

Hi, I'm a security researcher at the University of Virginia I have been looking into the use and adoption of http-only cookies. My advisor is professor David Evans. We were surprised to discover that Django does not explicitly supports httponly cookie field. I have searched for some solution but

Re: Model validation outside of ModelForms.

Thanks James, I'll focus on this here and see what I can come up with. Michael -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-develop...@googlegroups.com. To unsubscribe from this group, send

Re: logialogin_required does not check User.is_active

i need to think more about russell's points before responding in full, but i did want to briefly mention the following: 1. simply shortening the length of sessions doesn't prevent a user with revoked access from seeing new and potentially sensitive data created after the user's deactivation. if

Re: Porting _django_bash_completion to Windows Powershell

>Internally, the autocompletion is done using the > ManagementUtility.autocomplete() method, line 264 of > django/core/management/__init__.py. I've taken a look the code, but there a few details that I don't understand. autocomplete() is executed always, regardless whether the user has requested

Re: logialogin_required does not check User.is_active

On Wed, Mar 17, 2010 at 3:46 PM, Russell Keith-Magee wrote: > On Wed, Mar 17, 2010 at 4:53 AM, Sean Brant wrote: >> A co-worker of mine noticed this bug today >> http://code.djangoproject.com/ticket/13125. >> Should it be marked for 1.2 or punt it

Re: logialogin_required does not check User.is_active

On Wed, Mar 17, 2010 at 8:54 AM, Russell Keith-Magee wrote: > > In the interim, there are two other ways you could limit your exposure > to this problem (other than the obvious "write your own > login_required" check): > >  * Use a permissions check in addition to the

Re: Adding optional SITE_DOMAIN and SITE_NAME variables in settings.py

On Mar 15, 10:44 am, Yuri Baburov wrote: > Hello all, > > How do you like the following idea: > startproject command puts a fixture for django.contrib.sites (and > fixture for superuser probably) to the root folder or whatever, to be > loaded with syncdb? > That way also

Re: logialogin_required does not check User.is_active

On Wed, Mar 17, 2010 at 6:30 AM, mattd wrote: > interesting. i'm using the django-provided login form from 1.1, > waiting for 1.2 to be released before using it. > > here's an example of my point: you run an internal tool for staff to > discuss the topics of the day. a

Re: logialogin_required does not check User.is_active

On Wed, Mar 17, 2010 at 4:53 AM, Sean Brant wrote: > A co-worker of mine noticed this bug today > http://code.djangoproject.com/ticket/13125. > Should it be marked for 1.2 or punt it until after the release > candidate? It looks to be a bug so it could probably go in at

Re: Model validation outside of ModelForms.

On Thu, Jan 21, 2010 at 1:28 PM, Gerry wrote: > without using ModelForms? I really like the new Model validation but I > don't > like (nor think its very DRY) to override the save method for all of > my models > to just call full_clean(). It would be nice if there was

Re: Model validation outside of ModelForms.

On Wed, Mar 17, 2010 at 1:00 AM, orokusaki wrote: > Actually I'm not lying. Russell hasn't given me any feedback regarding > my idea or patch. I didn't simply reopen tickets. Russell changed my > ticket to a documentation ticket, so I opened a new ticket to discuss >

Re: Model validation outside of ModelForms.

On Mar 16, 10:16 am, Harro wrote: > Just my brainfart when looking at this: Can't you simply add a pre > save signal to call the full clean method? > > Dunno if that will work or not, just the first thing I would try. > > On Mar 16, 5:12 pm, James Bennett

Re: Model validation outside of ModelForms.

On Mar 16, 10:12 am, James Bennett wrote: > On Tue, Mar 16, 2010 at 10:36 AM, orokusaki wrote: > > It doesn't seem that the core team is interested in working on Model > > validation at the moment:http://code.djangoproject.com/ticket/13121 > >