On Mar 17, 2010, at 3:35 PM, guillermooo wrote:
> autocomplete() is executed always, regardless of whether the user has
> requested completions or not. The only early exit point of
> autocomplete() is reached if DJANGO_AUTO_COMPLETE is false. Otherwise,
> sys.exit(1) returns to the console. How is
On wo, 2010-03-17 at 11:10 -0700, Yuchen Zhou wrote:
> So does this ticket mean django now supports httponly cookies? And is
> it by default httponly?
> Or the application administrator has to turn it on?
The discussion on http://code.djangoproject.com/ticket/3304 indicates
that neither python
Hi,
Thanks for your response!
So does this ticket mean django now supports httponly cookies? And is
it by default httponly?
Or the application administrator has to turn it on?
Best,
On Mar 17, 11:49 am, Tom Evans wrote:
> On Wed, Mar 17, 2010 at 3:42 PM, Yuchen Zhou
On Wed, Mar 17, 2010 at 3:42 PM, Yuchen Zhou wrote:
> Hi,
>
> I'm a security researcher at the University of Virginia. I have been
> looking into the use and adoption of http-only cookies. My advisor is
> professor David Evans.
>
> We were surprised to discover that Django
Hi,
I'm a security researcher at the University of Virginia. I have been
looking into the use and adoption of http-only cookies. My advisor is
professor David Evans.
We were surprised to discover that Django does not explicitly support
httponly cookie field. I have searched for some solution but
Thanks James,
I'll focus on this here and see what I can come up with.
Michael
i need to think more about russell's points before responding in full,
but i did want to briefly mention the following:
1. simply shortening the length of sessions doesn't prevent a user
with revoked access from seeing new and potentially sensitive data
created after the user's deactivation. if
> Internally, the autocompletion is done using the
> ManagementUtility.autocomplete() method, line 264 of
> django/core/management/__init__.py.
I've taken a look at the code, but there are a few details that I don't
understand.
autocomplete() is executed always, regardless of whether the user has
requested
On Wed, Mar 17, 2010 at 3:46 PM, Russell Keith-Magee
wrote:
> On Wed, Mar 17, 2010 at 4:53 AM, Sean Brant wrote:
>> A co-worker of mine noticed this bug today
>> http://code.djangoproject.com/ticket/13125.
>> Should it be marked for 1.2 or punt it
On Wed, Mar 17, 2010 at 8:54 AM, Russell Keith-Magee
wrote:
>
> In the interim, there are two other ways you could limit your exposure
> to this problem (other than the obvious "write your own
> login_required" check):
>
> * Use a permissions check in addition to the
On Mar 15, 10:44 am, Yuri Baburov wrote:
> Hello all,
>
> How do you like the following idea:
> startproject command puts a fixture for django.contrib.sites (and
> fixture for superuser probably) to the root folder or whatever, to be
> loaded with syncdb?
> That way also
On Wed, Mar 17, 2010 at 6:30 AM, mattd wrote:
> interesting. i'm using the django-provided login form from 1.1,
> waiting for 1.2 to be released before using it.
>
> here's an example of my point: you run an internal tool for staff to
> discuss the topics of the day. a
On Wed, Mar 17, 2010 at 4:53 AM, Sean Brant wrote:
> A co-worker of mine noticed this bug today
> http://code.djangoproject.com/ticket/13125.
> Should it be marked for 1.2 or punt it until after the release
> candidate? It looks to be a bug so it could probably go in at
On Thu, Jan 21, 2010 at 1:28 PM, Gerry wrote:
> without using ModelForms? I really like the new Model validation but I
> don't
> like (nor think it's very DRY) to override the save method for all of
> my models
> to just call full_clean(). It would be nice if there was
On Wed, Mar 17, 2010 at 1:00 AM, orokusaki wrote:
> Actually I'm not lying. Russell hasn't given me any feedback regarding
> my idea or patch. I didn't simply reopen tickets. Russell changed my
> ticket to a documentation ticket, so I opened a new ticket to discuss
>
On Mar 16, 10:16 am, Harro wrote:
> Just my brainfart when looking at this: Can't you simply add a pre
> save signal to call the full clean method?
>
> Dunno if that will work or not, just the first thing I would try.
>
> On Mar 16, 5:12 pm, James Bennett
On Mar 16, 10:12 am, James Bennett wrote:
> On Tue, Mar 16, 2010 at 10:36 AM, orokusaki wrote:
> > It doesn't seem that the core team is interested in working on Model
> > validation at the moment: http://code.djangoproject.com/ticket/13121
> >