Fwd: HTTP/2 and WSGI

2014-09-19 Thread Russell Keith-Magee
Hi all, I have been contacted by Robert Collins, who is trying to get a working group together to discuss HTTP/2 and WSGI. Attached is the forwarded email from Robert with the kickoff details. Historically, Django hasn't been deeply involved in the process of developing WSGI and related standards;

Re: Should reverse() return a Unicode string?

2014-09-19 Thread Jon Dufresne
On Fri, Sep 19, 2014 at 5:13 AM, Tom Christie wrote: > One point of clarity is that we ought to return the same type for each of > `reverse`, `request.path`, `request.get_full_path`, `request.path_info`, and > the values in the `request.GET` dictionary. Given that, the

Re: mod_security SQL injection rules and Django cookies

2014-09-19 Thread Nikolai Prokoschenko
Hello Carl, hello Florian, thank you for both your replies, I feel confident that we'll sort it out now. On Friday, September 19, 2014 5:56:08 PM UTC+2, Carl Meyer wrote: > I can't say for sure without checking, but I would be very surprised if > anything in Django's session code has a hard

Re: mod_security SQL injection rules and Django cookies

2014-09-19 Thread Carl Meyer
Hi Nikolai, On 09/19/2014 05:50 AM, Nikolai Prokoschenko wrote: > the people responsible for the Apache part of our Django application > have recently introduced a policy for mandatory use of mod_security with > OWASP ruleset. The SQL injection rule [1], has raised their attention, > because it

Re: Should reverse() return a Unicode string?

2014-09-19 Thread Tom Christie
One point of clarity is that we ought to return the same type for each of `reverse`, `request.path`, `request.get_full_path`, `request.path_info`, and the values in the `request.GET` dictionary. Given that, the answer is clearly "it should be a string". It's also a little unclear to me what

Re: mod_security SQL injection rules and Django cookies

2014-09-19 Thread Florian Apolloner
Hi Nikolai, On Friday, September 19, 2014 1:50:33 PM UTC+2, Nikolai Prokoschenko wrote: > > 1. Has there been some security audit in the past which confirmed that > session ID handling inside Django is not vulnerable to SQL injection > attacks? > Nothing public that I am aware of, no. 2. Can

mod_security SQL injection rules and Django cookies

2014-09-19 Thread Nikolai Prokoschenko
Hello, (disclaimer: it's a security question and I don't have any proper expertise in this area, so please bear with me) the people responsible for the Apache part of our Django application have recently introduced a policy for mandatory use of mod_security with OWASP ruleset. The SQL

Re: Loading timezone naive data into your test database with USE_TZ = True

2014-09-19 Thread Aymeric Augustin
2014-09-18 23:29 GMT+02:00 Wim Feijen : > Timezones confuse me, maybe Aymeric can answer this one if he has time? > I've bookmarked this thread to answer at some point but I have some work-related matters to deal with first. -- Aymeric.