Hi Ahmad,
> On 23 Mar 2020, at 13:23, Ahmad A. Hussein wrote:
>
> I completely agree with what has already been said by everyone here;
> moreover, this is a battery missing from Django in my opinion. It would make
> Django more "batteries-included" if this was part of core rather than third
>
mplementation, but
I think I need a kind of confirmation from core devs.
>
> Cheers,
> Alasdair
>
> On Sunday, 15 March 2020 17:46:48 UTC, Mehmet Ince wrote:
> Hi Adam,
>
> Thanks for your comments. I was thinking of implementing this as a separate
> middleware but, as y
Hi Adam,
Thanks for your comments. I was thinking of implementing this as a separate
middleware but, as you said, AuthenticationMiddleware is a much better place to
do it.
I have already started implementing this in AuthenticationMiddleware. I would
like to send a PR if it’s okay with everyone?
I’
Hi Tobias,
Thanks for your comments
> On 14 Mar 2020, at 11:43, Tobias Bengfort wrote:
>
> Hi Mehmet,
>
> On 13/03/2020 21.47, Mehmet Ince wrote:
>> - We must forcefully enable session validation for every endpoint.
>> - Developers must do something to make t
uses a global setting that applies default Authentication
> and Permissions classes on all views. Something like that could be possible
> in core Django.
>
> On Sat, 14 Mar, 2020, 02:18 Mehmet Ince, <meh...@mehmetince.net> wrote:
> Hi everyone,
>
> I
Hi everyone,
I've been working as a security researcher for a long time. A common mistake that
I've seen is forgotten decorator and/or Mixin usage on controllers, which leads
to OWASP A5 Broken_Access_Control[1]. I believe one of the most important, as
well as most used, decorator and/or Mixin i