Enable SESSION_COOKIE_SECURE by Default

2019-04-03 Thread Carlton Gibson
Hi all. https://code.djangoproject.com/ticket/30314 > Per the documentation, "Leaving this setting off isn’t a good idea because an attacker could capture an unencrypted session cookie with a packet sniffer and use the cookie to hijack the user’s session." > > If it's not a good idea for

Re: Enable SESSION_COOKIE_SECURE by Default

2019-04-03 Thread James Bennett
On Wed, Apr 3, 2019 at 2:34 AM Carlton Gibson wrote: > Yes, super thanks. Breaking login in development would qualify as a good > *Why* yes.  > > I'll assume we're NOT going to do this, but anyone with input, please do > comment. > Historically I've done something along the lines of

Re: Enable SESSION_COOKIE_SECURE by Default

2019-04-03 Thread Carlton Gibson
Hi Matthias, Yes, super thanks. Breaking login in development would qualify as a good *Why* yes.  I'll assume we're NOT going to do this, but anyone with input, please do comment. > (The same reasoning should probably be applied to CSRF_COOKIE_SECURE. Absolutely. And, soon, `LANGUAGE_`

Re: Enable SESSION_COOKIE_SECURE by Default

2019-04-03 Thread Matthias Kestenholz
On Wed, Apr 3, 2019 at 10:02 AM Carlton Gibson wrote: > Hi all. > > https://code.djangoproject.com/ticket/30314 > > > Per the documentation, "Leaving this setting off isn’t a good idea > because an attacker could capture an unencrypted session cookie with a > packet sniffer and use the cookie

Re: Enable SESSION_COOKIE_SECURE by Default

2019-04-03 Thread Matthias Kestenholz
On Wed, Apr 3, 2019 at 11:39 AM James Bennett wrote: > On Wed, Apr 3, 2019 at 2:34 AM Carlton Gibson > wrote: > >> Yes, super thanks. Breaking login in development would qualify as a good >> *Why* yes.  >> >> I'll assume we're NOT going to do this, but anyone with input, please do >> comment.

Re: Enable SESSION_COOKIE_SECURE by Default

2019-04-03 Thread Aldian Fazrihady
Hi Carlton, Many production systems, including mine, are using HTTPS, which effectively blocks the capability of attackers from sniffing other people's cookies. Regards, Aldian Fazrihady On Wed, Apr 3, 2019 at 4:02 PM Carlton Gibson wrote: > Hi all. > >

Re: the design of django group permission should be optimized in django.contrib.auth.ModelBackend

2019-04-03 Thread John D'Ambrosio
I believe this change is merited and I would be happy to help if others are interested in working on this. I have actually monkey-patched it a few times now for two reasons: a) I want more data fields on the group itself, or b) I want to implement nested groups. MPTT's docs suggest one approach

Re: GSoC Proposal: Add Cross-DB JSONField, ArrayField, and HStoreField

2019-04-03 Thread sagar ninave
Same bro, I am too. Actually I have learned Python in the last semester and, using Django, built a small project, and I am trying to learn more about Django. If you don't mind, can I ask questions when I get stuck somewhere about Django, and you may ask me if you are not getting something; we will try to understand what

Re: GSoC Proposal (FormSet Improvement)

2019-04-03 Thread PARTH PATIL
On Wednesday, April 3, 2019 at 8:58:26 PM UTC+5:30, Carlton Gibson wrote: > > Hey Parth. > > Right. So, thanks for making the effort so far. Good. > > Can you add more detail about yourself. You've not contributed to Django > right? So the concern at this point would be whether you're able to

Re: GSoC Proposal (FormSet Improvement)

2019-04-03 Thread PARTH PATIL
Yes, sure, I will try to update my proposal by tomorrow (4th April) night (IST +5:30). So please have a look at it once again and suggest changes. Best Regards, PARTH PATIL On Wed, 3 Apr 2019, 9:23 pm Carlton Gibson, wrote: > Yes, just pseudo code — so when reviewing your proposal next week

Re: Enable SESSION_COOKIE_SECURE by Default

2019-04-03 Thread James Bennett
On Wed, Apr 3, 2019 at 4:31 AM Aldian Fazrihady wrote: > Many production systems, including mine, are using HTTPS, which > effectively blocks the capability of attackers from sniffing other people's > cookies. > Closing off opportunities to sniff cookies is more complex than just using HTTPS,

Re: GSoC Proposal: Add Cross-DB JSONField, ArrayField, and HStoreField

2019-04-03 Thread Carlton Gibson
Hi Sage. Thanks for the proposal. It's looking OK. Couple of points: - There IS an Oracle implementation. See the ticket here: https://code.djangoproject.com/ticket/29821 - Something that looks like an ArrayField, yes. HStore... not so sure it's worth mimicking. - On the

Re: GSoC Proposal (FormSet Improvement)

2019-04-03 Thread Carlton Gibson
Hey Parth. Right. So, thanks for making the effort so far. Good. Can you add more detail about yourself? You've not contributed to Django, right? So the concern at this point would be whether you're able to fulfil the project. What's your experience with Django? (and if you want to implement

Re: GSoC Proposal (FormSet Improvement)

2019-04-03 Thread Carlton Gibson
Yes, just pseudo code — so when reviewing your proposal next week it's easy to see that it'll be the right approach.  On Wednesday, 3 April 2019 17:51:18 UTC+2, PARTH PATIL wrote: > > > > On Wednesday, April 3, 2019 at 8:58:26 PM UTC+5:30, Carlton Gibson wrote: >> >> Hey Parth. >> >> Right.

Re: GSoC Proposal: Add Cross-DB JSONField, ArrayField, and HStoreField

2019-04-03 Thread Sage M.A.
Hi, Carlton. Thanks a lot for the feedback! Ah, yes, looks like I missed that Oracle implementation. I've updated my proposal accordingly. To summarize: - Added info about Oracle implementation (see 1.1) - Replaced 1 week of research with 1 week of writing tests and docs for POC

Re: Feature request (API): Add QuerySet of viewable pages or page_ids

2019-04-03 Thread Peter Farrell
Hi, I think this is a grand idea. On Tuesday, March 26, 2019 at 10:08:27 AM UTC-5, air-hand wrote: > > Hi everyone. > > I'm working with django cms, and needed permissions. > > CMS_PERMISSION works nicely, but there is no method of "get viewable > pages". > > I need viewable pages for listing

Re: GSoC Proposal (FormSet Improvement)

2019-04-03 Thread Asif Saif Uddin
I checked your contribution, Parth, really good one! Once you improve your proposal, try to focus more on form/formfield/formset/widget/admin-related issues so that you have a better insight into what your proposal is going to improve in those areas. And popular and useful extensions could be

Re: GSoC Proposal: Add Cross-DB JSONField, ArrayField, and HStoreField

2019-04-03 Thread Sage M.A.
Hi Sagar, That's cool! However, I am not quite sure what you meant. If you meant to ask questions on how to use Django, I think it's best to ask them in the django-users forum or the #django channel on IRC. I'm sure the community will be