Re: Benchmarking 1.5 vs 1.6

2013-09-14 Thread Curtis Maloney
Hey, thanks for that! It would be nice to have something that would chart this over time... something like some people have set up for GCC. I've never been able to get djangobench to give meaningful results, otherwise I'd do it. Mmm... perhaps I've just found a use for my odroid :) -- Curtis

Re: [GSoC] Revamping validation framework and merging django-secure once again

2013-09-14 Thread Christopher Medrela
> > 4. More important changes in code: >> >> - Introduced RAW_SETTINGS_MODULE [1]. I use it in compatibility checks to >>> test >> >> if `TEST_RUNNER` setting was overridden [2]. >> >> > > Have a look at the internals of the diffsettings management command -- I'm >> not sure

Benchmarking 1.5 vs 1.6

2013-09-14 Thread Anssi Kääriäinen
I just ran djangobench comparing 1.5 to 1.6. The biggest thing seems to be form_create benchmark, the average is 15x slower. But for some reason the minimum runtime is just 1.16x slower. This seems a bit strange. This might be worth more investigation. Otherwise there doesn't seem to be

Set a reasonable upper bound on password length

2013-09-14 Thread Josh Wright
Currently there is no restriction on the length of passwords accepted by the login form. Assuming someone is using an appropriately expensive hashing function for passwords, this means an attacker can chew through a _lot_ of CPU pretty easily, just by sending huge junk passwords. Setting an