GSoC 2012: Security Enhancements

2012-03-31 Thread Rohan Jain
Hi, I am Rohan Jain, a 4th (final) year B.Tech undergraduate student from Indian Institute of Technology, Kharagpur. I have been using django for over a year and generally look into the code base to find out about various implementations. I have made attempts to make some minor contributions and if

Re: GSoC 2012: Security Enhancements

2012-04-05 Thread Rohan Jain
thing of value. Maybe someone could work over that, even me if I get the time. -- Rohan On 23:40 +0530 / 31 Mar, Rohan Jain wrote: > Hi, > > I am Rohan Jain, a 4th (final) year B.Tech undergraduate student > from Indian Institute of Technology, Kharagpur. I have been using > djan

Re: GSoC 2012: Security Enhancements

2012-04-06 Thread Rohan Jain
et turned away -- but absent of that, it's only fair that we be honest to > you about your chances. No worries. I am to blame too for my own activity. I myself have learnt a lot of interesting stuff from this. I would anyway be glad to give something back to django. -- Rohan > > Y

Re: GSoC 2012: Security Enhancements

2012-04-06 Thread Rohan Jain
Hi Russell, That is good news for me. I have added a timeline and posted it over melange. Public Gist for the same: https://gist.github.com/2203174 -- Rohan On 16:14 +0800 / 6 Apr, Russell Keith-Magee wrote: > > On 06/04/2012, at 3:54 PM, Rohan Jain wrote: > > > Hi Russell,

Re: GSoC 2012: Security Enhancements

2012-04-14 Thread Rohan Jain
On 22:50 +0100 / 13 Apr, Luke Plant wrote: > Hi Rohan, > > Sorry for the slow reply on this one, I've had a busy time recently. > Please see my comments on some parts of this proposal. No worries about this. > > On 31/03/12 19:10, Rohan Jain wrote: > > Hi, > >

Re: GSoC 2012: Security Enhancements

2012-04-19 Thread Rohan Jain
I hosted a simple app which responds with the request details for testing purposes: https://request-mirror.herokuapp.com/ (source: https://github.com/crodjer/request-mirror) On 12:05 -0700 / 18 Apr, Paul McMillan wrote: > There seems to be some confusion about CORS (a hairy draft spec that > is n

Re: GSoC 2012: Security Enhancements

2012-04-20 Thread Rohan Jain
On 16:03 +0100 / 18 Apr, Luke Plant wrote: > On 15/04/12 05:23, Rohan Jain wrote: > > On 22:50 +0100 / 13 Apr, Luke Plant wrote: > >> The reason for the strict referer checking under HTTPS is set out here: > >> > >> https://code.djangoproject.com/wiki/CsrfProt

GSoC Check-in: Security Enhancements

2012-04-27 Thread Rohan Jain
Hi, I am Rohan Jain, a student from Indian Institute of Technology, Kharagpur. I'll be doing a Google Summer of Code project with django this year under the title "Security Enhancements". As the title suggests, it has something to do with Security Enhancements: like impro

Re: GSoC Check-in: Security Enhancements

2012-05-06 Thread Rohan Jain
work on the final fix. - Start looking into resources useful for my project, like [The Tangled Web][1]. Rohan Jain [0]: https://code.djangoproject.com/ticket/18194 [1]: http://www.amazon.com/The-Tangled-Web-Securing-Applications/dp/1593273886 On Fri, Apr 27, 2012 at 6:54 PM, Rohan Jain wrote:

Re: GSoC Check-in: Security Enhancements

2012-05-21 Thread Rohan Jain
#78][1] over github. Paul, could you please review it to see if the patches are usable. Next, I'll make the changes which may be required in documentation because of the above. Today is the official start date of the GSoC project, so I'll now start concentrating more on the project. Roha

Improvements to contrib.sessions (Pull #78)

2012-06-04 Thread Rohan Jain
Hi all, Recently, I have been working on some patches for contrib.sessions. These include a server side session expiry check (#18194) and some other trivial changes. These changes are in the pull request [#78][pull-78] The expiry check is done in the base backend, i.e. inherited by every backe

Re: GSoC Check-in: Security Enhancements

2012-06-12 Thread Rohan Jain
an initial implementation of these, changes in [pull request #95][pull-95]. I'll now proceed to clean these up, writing better tests and documentation for these. Also with these, we can completely get rid of the cookie based CSRF check system. -- Thanks Rohan Jain [fnmatch-docs]: http://docs.

Re: GSoC Check-in: Security Enhancements

2012-07-09 Thread Rohan Jain
ib.sessions are still pending some feedback, at [pull-78].[3]. -- Thanks Rohan Jain [0]: https://github.com/crodjer/django/tree/purge-cookies [1]: https://github.com/yarko/django [2]: https://github.com/crodjer/django/commits/centralized-tokenization [3]: https://github.com/django/django/pull/78

Re: GSoC Check-in: Security Enhancements

2012-07-23 Thread Rohan Jain
ng, which is already being completely relied upon in case of the secure requests. Or we could lose the possibility of permitted domains functionality and implement both kinds of checks. On 02:16 +0530 / 10 Jul, Rohan Jain wrote: > Hi, > > This check-in is a little delayed. Meanwhile, I contin

Re: GSoC Check-in: Security Enhancements

2012-07-23 Thread Rohan Jain
On 11:06 +0100 / 23 Jul, Luke Plant wrote: > On 23/07/12 08:07, Rohan Jain wrote: > > ###CSRF Cookies (Time signed): > > > > - A random token generated by the server stored in the browser cookies. For > >verification, every non get request will need to provi

Re: GSoC Check-in: Security Enhancements

2012-07-24 Thread Rohan Jain
On 19:46 +0100 / 23 Jul, Luke Plant wrote: > On 23/07/12 14:24, Rohan Jain wrote: > > With this, an attacker won't be able to directly set arbitrary tokens on > > other sub domains through cookies, they will need a signature of the > > token with the form which is to be v

Re: GSoC Check-in: Security Enhancements

2012-08-06 Thread Rohan Jain
Hi, Sorry for the delay in getting back. I was meanwhile working on centralized tokenization for a few days, while still trying to figure out something better for CSRF. On 03:52 -0400 / 25 Jul, Alex Ogier wrote: > On Tue, Jul 24, 2012 at 11:37 PM, Rohan Jain wrote: > > > > I ha

Re: GSoC Check-in: Security Enhancements

2012-08-20 Thread Rohan Jain
submit some patches. -- Thanks Rohan Jain [0]: https://github.com/crodjer/django/tree/centralized-tokenization [1]: https://github.com/crodjer/django/blob/centralized-tokenization/docs/topics/tokenization.txt [2]: https://github.com/crodjer/django/tree/sessions-improvements [3]: https://github.com/crod

Re: GSoC Check-in: Security Enhancements

2012-08-22 Thread Rohan Jain
oduler checkers for each kind of CSRF check, but > > haven't got anything useful out of it yet. While progressing, it > > seemed like I was virtually writing a middleware per checker, so now I > > have moved on to attempt on CSRF cookie store. Basically something > > wh

Re: GSoC Check-in: Security Enhancements

2012-08-30 Thread Rohan Jain
t's so near completion, as it looks like a nice bit of > cleanup code! > > Andrew > > On Mon, Aug 20, 2012 at 2:49 PM, Rohan Jain wrote: > > > Hi, > > > > Today is the 'pencils down' date for this GSoC project. Past 4 months > > have been a

Re: About Understanding of source code

2013-01-07 Thread Rohan Jain
into this great talk by James Bennett, titled "Django in Depth": http://www.youtube.com/watch?v=t_ziKY1ayCo -- Rohan Jain On Mon, Jan 7, 2013 at 10:27 AM, Mayur Patil wrote: > Hello there, > > I want to understand how to get deep insight into Django code? > > Thank Y

Re: One Django instance, hundreds of websites

2011-01-25 Thread Rohan Jain
I am also trying to achieve something highly similar to this but in a dilemma, for how to proceed. I have written a post about this: http://www.rohanjain.in/blog/hosting-multiple-sites-with-same-django-project/. Is there any existing big project following a similar concept?

Enhanced auth.User

2011-03-22 Thread Rohan Jain
These are some auth settings and models I propose to account for the generally raised questions for auth.User flexibility. Settings: - AUTH_USER_EMAIL_UNIQUE If the email should be unique for users. It is a rare case when a website would have users sharing emails. It is more likely oth