Am 22.12.2009 um 08:20 schrieb Simon Willison:
> On Dec 22, 12:52 am, Johannes Dollinger
> wrote:
>> I'd like some more kwargs to Signer and TimestampSigner. Mostly
>> what's
>> inhttp://dpaste.com/136418/(except the `separator` kwarg, which was
>> a bad
Having talked to James about this I'm holding off on the commit until
we've had it reviewed by real cryptographers. I'll aim to get it in
before the 1.2 beta feature freeze.
Cheers,
Simon
--
You received this message because you are subscribed to the Google Groups
"Django developers" group.
On Dec 22, 6:22 am, Russell Keith-Magee
wrote:
> As far as the patch itself is concerned, looks good to me. My only
> other request would be a serving of dogfood - if we're going to
> include a signed cookie module, it would be nice to prove that it can
> actually be used
On Dec 22, 12:52 am, Johannes Dollinger
wrote:
> I'd like some more kwargs to Signer and TimestampSigner. Mostly what's
> inhttp://dpaste.com/136418/(except the `separator` kwarg, which was
> a bad idea as it depends on encode()): Signer(serializer=...)
On Tue, Dec 22, 2009 at 12:22 AM, Russell Keith-Magee
wrote:
> On Tue, Dec 22, 2009 at 8:00 AM, Simon Willison
> wrote:
>> I've made some changes based on the feedback in this thread:
>>
>>
On Tue, Dec 22, 2009 at 8:00 AM, Simon Willison wrote:
> I've made some changes based on the feedback in this thread:
>
> http://github.com/simonw/django/commit/802952bbb8b763e65ee545c6a8f39524b20e147c
> "Use sha('signer' + secret_key + salt) to derive the key for use in
On Dec 22, 1:52 pm, Johannes Dollinger
wrote:
> There's a small bug in b64_decode(), the padding should be
> r = len(s) % 4
> pad = '=' * (r and 4 - r or 0)
Or even simpler:
pad = '=' * (-len(s) % 4)
--
You received this message because
There's a small bug in b64_decode(), the padding should be
r = len(s) % 4
pad = '=' * (r and 4 - r or 0)
I'd like some more kwargs to Signer and TimestampSigner. Mostly what's
in http://dpaste.com/136418/ (except the `separator` kwarg, which was
a bad idea as it depends on
I've made some changes based on the feedback in this thread:
http://github.com/simonw/django/commit/802952bbb8b763e65ee545c6a8f39524b20e147c
"Use sha('signer' + secret_key + salt) to derive the key for use in
the
signature() method, addressing feedback from the django-developers
list"
The
On Dec 21, 2:40 pm, Russell Keith-Magee
wrote:
> * I'm not sure I like this being in django.utils. To me, it feels
> like something that should be in django.core - along with caching,
> serialization, etc, signing is a core piece of functionality that a
> website will
On Mon, Dec 21, 2009 at 7:43 PM, Simon Willison wrote:
> I've uploaded the patch for adding signing and signed cookies to
> Django:
>
> http://code.djangoproject.com/attachment/ticket/12417/ticket12417.diff
>
> You can also read the documentation directly on my GitHub
On Mon, Dec 21, 2009 at 8:00 AM, Luke Plant wrote:
> Rather than use 'settings.SECRET_KEY' as the default HMAC key,
> shouldn't we add a prefix so that any usage of SECRET_KEY can't be
> (potentially) used to attack other usages? We discussed this a while
> back. The new
On Monday 21 December 2009 11:43:19 Simon Willison wrote:
> The code has documentation and unit tests. The documentation isn't
> 100% complete - I need to improve the explanation of what signing
> is and why it is useful and document the new COOKIE_SIGNER_BACKEND
> setting which allows users to
I've uploaded the patch for adding signing and signed cookies to
Django:
http://code.djangoproject.com/attachment/ticket/12417/ticket12417.diff
You can also read the documentation directly on my GitHub branch:
http://github.com/simonw/django/blob/signed/docs/topics/signing.txt
14 matches
Mail list logo