On 23/07/12 14:24, Rohan Jain wrote:
> With this, attacker won't be able to directly set arbitrary tokens on
> other sub domains through cookies, they will need a signature of the
> token with the form which is to be verified against the cookie.
> Plus it also puts a limit on the duration a token
Hi Adam,
To avoid fragmenting the discussion, could you reply on the thread I
linked to on Python Security?
Thanks,
Luke
On 23/07/12 13:36, Adam "Cezar" Jenkins wrote:
> Now. I'm going to preface this with being that I am totally naive about
> such things. Wouldn't it be nice if you could mark
On 11:06 +0100 / 23 Jul, Luke Plant wrote:
> On 23/07/12 08:07, Rohan Jain wrote:
> > ###CSRF Cookies (Time signed):
> >
> > - A random token generated by the server stored in the browser cookies. For
> > verification, every non get request will need to provide a signed
> > version of
> >
Now. I'm going to preface this with being that I am totally naive about
such things. Wouldn't it be nice if you could mark a release on PyPI as a
security release and Pip could just do security updates? Somewhat like a
few Linux distributions do.
Of course that's a long term goal. A mailing list
Hi all,
I started a thread on the 'Python security' list about the need for a
place for 3rd party Django/Python libraries to announce security issues,
for the very common case of small libraries that wouldn't even have
their own mailing list - or would have a fraction of their user base
On 23/07/12 08:07, Rohan Jain wrote:
> ###CSRF Cookies (Time signed):
>
> - A random token generated by the server stored in the browser cookies. For
> verification, every non get request will need to provide a signed version
> of
> the same token. This can then be verified on the browser
Hi,
Centralized Tokenization:
I have merged the work already done for centralized-tokenization at the
last DjangoCon at [yarko/django][0]. Since there have been a
significant amount of changes since then, merging and resolving
conflicts took a little more time than expected. As of now the tests
are