Re: Why using django.contrib.sessions as the salt to encode session data? why not secret key?

2022-10-12 Thread James Bennett
On Wed, Oct 12, 2022 at 3:25 PM 'Adam Johnson' via Django developers (Contributions to Django itself) wrote: > Thank you for diving into this John! All seems sensible then. > Yeah, the threat model here is you have, say, Endpoints A and B that each work with HMAC'd values, and Endpoint A generate

Re: Why using django.contrib.sessions as the salt to encode session data? why not secret key?

2022-10-12 Thread 'Adam Johnson' via Django developers (Contributions to Django itself)
Thank you for diving into this John! All seems sensible then. On Wed, Oct 5, 2022 at 11:53 PM 'John Whitlock' via Django developers (Contributions to Django itself) wrote: > Looking at the code, the hard-coded salt seems OK to me. The encoding is > done by SessionBase.encode() >

Re: Model-level validation

2022-10-12 Thread Aaron Smith
I think the core developers who are making assertions about what is "accessible" and "makes sense" to newcomers would be well served by taking into account the actual experiences of newcomers. The expectation does not appear to align with reality. On Wednesday, October 12, 2022 at 1:19:56 AM UT

Re: Proposal: cacheif template tag

2022-10-12 Thread Igor Margitich
Hey Carlton, I am not sure I got your idea. The point of proposal is not in user.is_authenticated. user.is_authenticated is just a boolean. Conditional caching for non logged in user is just very simple and common use case when `cacheif` could be used. Friday, 30 September 2022 at 09:09:53 U

Re: Model-level validation

2022-10-12 Thread Jure Erznožnik
I'd like to chime in with this: There was a point in time when we ran into this issue and solved it with our own Model descendant. IMHO, I'm completely with Aaron on this: all the guts are there, just not being used. It took me quite a while to wrap my brain around the idea that validation w