Re: #27485 new New feature Allow ALLOWED_HOSTS to accept an IP-range / wildcard

2016-11-23 Thread 'Tom Evans' via Django developers (Contributions to Django itself)
On Sat, Nov 19, 2016 at 1:01 AM, Florian Apolloner wrote: > On Thursday, November 17, 2016 at 5:07:07 PM UTC+1, Tom Evans wrote: >> >> Or: >> from socket import gethostname, gethostbyname >> ALLOWED_HOSTS = [ gethostname(), gethostbyname(gethostname()), ] > > > That a) adds your hostname and b

Re: NIST password guidelines [was: vulnerability in password reset]

2016-11-23 Thread Erik Romijn
Hello, Django has had password validation built in as of 1.9. As far as I can see, all guidelines you refer to are already implemented there, and enabled by default in new projects. Could you elaborate on what changes you think we need to make? Erik > On 23 Nov 2016, at 16:21, William Hakizima

Re: [ANNOUNCE] Django security advisory: Vulnerability in password reset (master branch only)

2016-11-23 Thread William Hakizimana
While we are at it, could we implement these new NIST password guidelines into Django? Just On Monday, November 21, 2016 at 3:13:21 PM UTC-6, Tim Graham wrote: > > We don't normally give security advis

Re: Question on how the Oracle backend creates queries

2016-11-23 Thread Florian Apolloner
Doing that query in a shell will cause a repr() to be used which usually just shows the first 20 items or so, therefore it applies LIMIT 20 on databases supporting that, or that subselect with the rownumber on Oracle -- that is not really anything to worry about. Cheers, Florian On Wednesday,

Question on how the Oracle backend creates queries

2016-11-23 Thread Divvid
This is more a question of understanding how things work than an issue. I'm working with Django 1.9, Oracle 12 and Python 3.4. I have a model Resources. When I do the following query to find all the uid's from matching resources in the Django shell * Resources.objects.filter(remote_source=sour

Re: Consider reverting or adding guidelines on how to use class based views for security sensitive features

2016-11-23 Thread Joachim Jablon
I'm +1 with Baptiste, Ben, Josh and João. Also, Luke, you said: > 1. Recognise that CBVs are much harder to reason about, and therefore > require much more care. 2. Avoid using CBVs unless you really need them. > Just wanted to note that this means never. FBV vs CBV is a choice, there's re