Re: [Django] #26464: Addition to the "Security in Django": Incremental URLs/Identifiers
#26464: Addition to the "Security in Django": Incremental URLs/Identifiers ---+-- Reporter: CrazyPython|Owner: nobody Type: New feature| Status: new Component: Documentation | Version: 1.9 Severity: Normal | Resolution: Keywords: | Triage Stage: Unreviewed Has patch: 0 | Needs documentation: 0 Needs tests: 0 | Patch needs improvement: 0 Easy pickings: 0 |UI/UX: 0 ---+-- Changes (by timgraham): * easy: 1 => 0 Comment: I've raised some ideas about this on the [https://groups.google.com/d/topic/django- developers/_Z6ZufcOmps/discussion django-developers mailing list]. -- Ticket URL: <https://code.djangoproject.com/ticket/26464#comment:3> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To post to this group, send email to django-updates@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/069.2393fbd916e50105e8966567d1b8a645%40djangoproject.com. For more options, visit https://groups.google.com/d/optout.
Re: [Django] #26464: Addition to the "Security in Django": Incremental URLs/Identifiers
#26464: Addition to the "Security in Django": Incremental URLs/Identifiers ---+-- Reporter: CrazyPython|Owner: nobody Type: New feature| Status: new Component: Documentation | Version: 1.9 Severity: Normal | Resolution: Keywords: | Triage Stage: Unreviewed Has patch: 0 | Needs documentation: 0 Needs tests: 0 | Patch needs improvement: 0 Easy pickings: 1 |UI/UX: 0 ---+-- Comment (by CrazyPython): > It includes advice on securing a Django-powered site. Maybe include it in "Additional security Topics"? -- Ticket URL: <https://code.djangoproject.com/ticket/26464#comment:2> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To post to this group, send email to django-updates@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/069.59a8eccfe6eec94c467af887e4499d10%40djangoproject.com. For more options, visit https://groups.google.com/d/optout.
Re: [Django] #26464: Addition to the "Security in Django": Incremental URLs/Identifiers
#26464: Addition to the "Security in Django": Incremental URLs/Identifiers ---+-- Reporter: CrazyPython|Owner: nobody Type: New feature| Status: new Component: Documentation | Version: 1.9 Severity: Normal | Resolution: Keywords: | Triage Stage: Unreviewed Has patch: 0 | Needs documentation: 0 Needs tests: 0 | Patch needs improvement: 0 Easy pickings: 1 |UI/UX: 0 ---+-- Changes (by timgraham): * needs_better_patch: => 0 * needs_tests: => 0 * needs_docs: => 0 Comment: As the introduction says, "This document is an overview of Django’s security features". How would you frame this issue as one of Django's features? -- Ticket URL: <https://code.djangoproject.com/ticket/26464#comment:1> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To post to this group, send email to django-updates@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/069.9c1ae169e5c8b85e320e6bd961b2eff3%40djangoproject.com. For more options, visit https://groups.google.com/d/optout.
[Django] #26464: Addition to the "Security in Django": Incremental URLs/Identifiers
#26464: Addition to the "Security in Django": Incremental URLs/Identifiers ---+ Reporter: CrazyPython| Owner: nobody Type: New feature| Status: new Component: Documentation |Version: 1.9 Severity: Normal | Keywords: Triage Stage: Unreviewed | Has patch: 0 Easy pickings: 1 | UI/UX: 0 ---+ Using incremental URLs (i.e. /comment/1 is the first comment and /comment/2 is the second comment, respectively for base 64 or other counting systems) is highly dangerous for private information. You could simply get all of the, say, private comments by accessing all comments sequentially and picking out the ones that are private. This can apply to confidential files (link sharing), personal information and more. There should be a section in the "Security in Django" about this. -- Ticket URL: <https://code.djangoproject.com/ticket/26464> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To post to this group, send email to django-updates@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/054.473ebc98b80b5c87584ef5cb45381991%40djangoproject.com. For more options, visit https://groups.google.com/d/optout.
