Re: Password reset token safety

2018-11-07 Thread Alex Toussaint
The attacker can have access to the password hash but no longer to the last login. If that same attacker is exploiting a vulnerability that gets patched just after (ex. Heartbleed) or has view on past data (ex. backups) But if you can anyway craft a valid session cookie with the secret key (Wh

Re: Idea: Allow queryset.get() and queryset.filter() to accept a positional argument for implicit primary key filtering

2018-11-07 Thread Collin Anderson
You could probably also just monkey patch like so: from django.db.models import Manager, QuerySet Manager.ident = QuerySet.ident = lambda self, pk: self.get(pk=pk) On Wed, Nov 7, 2018 at 3:33 PM C. Kirby wrote: > I bit the bullet and put together a small app to handle this, with maybe > even le

Re: Password reset token safety

2018-11-07 Thread James Bennett
SECRET_KEY is the closest thing Django has to a “root password”. That’s why we emphasize keeping it secret — someone who knows your SECRET_KEY can effectively do anything to your site anyway. For example, they could produce valid session cookies for any user, and then just hop in the admin interfac

Re: Password reset token safety

2018-11-07 Thread Tom Forbes
Would you consider the *secret* key to not be unpredictable? On Wed, 7 Nov 2018, 21:22 Alex Toussaint > Hello, > > I'd like to discuss Django's password reset token functionality. > > I've been able, with a simple Python script, from having read-only access > to my Django webserver to a ful

Re: Password reset token safety

2018-11-07 Thread Florian Apolloner
Hi there, On Wednesday, November 7, 2018 at 10:22:06 PM UTC+1, Alex Toussaint wrote: > > I've been able, with a simple Python script, from having read-only access > to my Django webserver to a full read-write by crafting a reset token. > To be honest that script is weird at best; if you have ac

Password reset token safety

2018-11-07 Thread Alex Toussaint
Hello, I'd like to discuss Django's password reset token functionality. I've been able, with a simple Python script, from having read-only access to my Django webserver to a full read-write by crafting a reset token. Isn't it one of the main goals of hashing passwords? Protecting from

Re: Idea: Allow queryset.get() and queryset.filter() to accept a positional argument for implicit primary key filtering

2018-11-07 Thread C. Kirby
I bit the bullet and put together a small app to handle this, with maybe even less typing. It monkey patches all installed models so you can run Model.ident_(pk) Can be found at https://github.com/ckirby/django-model-ident Chaim -- You received this message because you are subscribed to the Go

Re: backend specific tests

2018-11-07 Thread Dan Davis
Tom, I'm interested in this - I have a software architect's goal of getting our Django systems to go to the cloud with Docker, but for Django development, I am eager to clutter up my local box with these tools. I know systemctl quite well, and I have no problem changing postgresql and mysql to b

Re: backend specific tests

2018-11-07 Thread Florian Apolloner
On Wednesday, November 7, 2018 at 12:43:47 AM UTC+1, Dan Davis wrote: > > So, a developer using PostgreSQL doesn't need superuser privileges, but > you do to run Django's unit tests, because it will test these contributed > postgres operations. > I think one might get away with installing tho

Re: easy pickings

2018-11-07 Thread abyk476
Thanks. On Sunday, November 4, 2018 at 7:31:47 PM UTC+5:30, Carlton Gibson wrote: > > Hi Abhith. > > Have a look at the Triage Workflow docs: > https://docs.djangoproject.com/en/dev/internals/contributing/triaging-tickets/#triage-stages > > For each stage of the ticket's lifecycle they give you w

Getting started

2018-11-07 Thread abyk476
Hi, I am Abhith. Can someone tell me the process to solve a ticket after I assign myself an easy ticket? Thanks

Re: backend specific tests

2018-11-07 Thread Tom Forbes
Hey Dan, I’ve been working on a project called django_docker_box ( https://github.com/orf/django-docker-box) that might help with this. Docker is pretty good at spinning up various databases without needing to clutter your local machine, spend time configuring authentication or dealing with issues