into this great talk by James Bennett, titled
"Django in Depth": http://www.youtube.com/watch?v=t_ziKY1ayCo
--
Rohan Jain
On Mon, Jan 7, 2013 at 10:27 AM, Mayur Patil wrote:
> Hello there,
>
> I want to understand how to get deep insight into Django code?
>
> Thank Y
Hi,
Ref Merging Centralized Tokenization.
I found out that some tests for sessions are failing with it. Stupidly,
I didn't have sessions in my test subset for tokenization. Anyway,
I'll try to get it fixed and write some tests for tokens in the next few
days.
--
Thanks
Rohan
On 10:50 +010
Hi,
Thanks for the reply.
On 10:50 +0100 / 21 Aug, Andrew Godwin wrote:
> Thanks for your work during the GSOC, Rohan - don't worry about not
> achieving everything, it looks like there's still some useful code there!
>
> Hopefully we can get some of the code merged,
submit some
patches.
--
Thanks
Rohan Jain
[0]: https://github.com/crodjer/django/tree/centralized-tokenization
[1]: https://github.com/crodjer/django/blob/centralized-tokenization/docs/topics/tokenization.txt
[2]: https://github.com/crodjer/django/tree/sessions-improvements
[3]: https://github.com/crod
Hi,
Sorry for the delay in getting back. I was meanwhile working on
centralized tokenization for a few days, while still trying to figure
something better for CSRF.
On 03:52 -0400 / 25 Jul, Alex Ogier wrote:
> On Tue, Jul 24, 2012 at 11:37 PM, Rohan Jain wrote:
> >
> > I ha
On 19:46 +0100 / 23 Jul, Luke Plant wrote:
> On 23/07/12 14:24, Rohan Jain wrote:
> > With this, attacker won't be able to directly set arbitrary tokens on
> > other sub domains through cookies, they will need a signature of the
> > token with the form which is to be v
On 11:06 +0100 / 23 Jul, Luke Plant wrote:
> On 23/07/12 08:07, Rohan Jain wrote:
> > ###CSRF Cookies (Time signed):
> >
> > - A random token generated by the server stored in the browser cookies. For
> >verification, every non get request will need to provi
pros and cons of the
methods for CSRF checking. It's in my same soc proposal gist:
<https://gist.github.com/2203174#file_csrf.mkd>
Also added the content of the gist at the end of this mail.
--
Thanks
Rohan
[0]: https://github.com/yarko/django
[1]: https://github.com/crodjer/django/commits/
ib.sessions are still
pending some feedback, at [pull-78].[3].
--
Thanks
Rohan Jain
[0]: https://github.com/crodjer/django/tree/purge-cookies
[1]: https://github.com/yarko/django
[2]: https://github.com/crodjer/django/commits/centralized-tokenization
[3]: https://github.com/django/django/pull/78
an initial implementation of these, changes in [pull
request #95][pull-95]. I'll now proceed to clean these up, writing
better tests and documentation for these. Also with these, we can
completely get rid of the cookie based CSRF check system.
--
Thanks
Rohan Jain
[fnmatch-docs]: http://docs.
command logic to individual backend.
Cleanup for sessions data will be done on the basis of current backend
setting, instead of just for the database backend.
Also, the session key character set is now `a-z0-9`.
--
Rohan
[pull-78]: https://github.com/django/django/pull/78
--
You received this
#78][1] over github.
Paul, could you please review it to see if the patches are usable.
Next, I'll make the changes which may be required in documentation
because of the above.
Today is the official start date of the GSoC project, so I'll start
concentrating more on the project now.
Roha
work
on the final fix.
- Start looking into resources useful for my project, like [The
Tangled Web][1].
Rohan Jain
[0]: https://code.djangoproject.com/ticket/18194
[1]: http://www.amazon.com/The-Tangled-Web-Securing-Applications/dp/1593273886
On Fri, Apr 27, 2012 at 6:54 PM, Rohan Jain wrote:
Hi,
I am Rohan Jain, a student from Indian Institute of Technology,
Kharagpur. I'll be doing a Google Summer of Code project with django
this year under the title "Security Enhancements". As the title
suggests, it has something to do with Security Enhancements: like
impro
On 16:03 +0100 / 18 Apr, Luke Plant wrote:
> On 15/04/12 05:23, Rohan Jain wrote:
> > On 22:50 +0100 / 13 Apr, Luke Plant wrote:
> >> The reason for the strict referer checking under HTTPS is set out here:
> >>
> >> https://code.djangoproject.com/wiki/CsrfProt
rowsers, it should prevent CSRF even in cases when the CSRF
> token is stolen due to misconfiguration or user error.
>
> -Paul
I second this. The selective origin checking, though not completely,
will improve CSRF protection for some clients. We can then be sure
about an automatic increase
On 22:50 +0100 / 13 Apr, Luke Plant wrote:
> Hi Rohan,
>
> Sorry for the slow reply on this one, I've had a busy time recently.
> Please see my comments on some parts of this proposal.
No worries about this.
>
> On 31/03/12 19:10, Rohan Jain wrote:
> > Hi,
> >
Hi Russell,
That is good news for me. I have added a timeline and posted it over
melange.
Public Gist for the same: https://gist.github.com/2203174
-- Rohan
On 16:14 +0800 / 6 Apr, Russell Keith-Magee wrote:
>
> On 06/04/2012, at 3:54 PM, Rohan Jain wrote:
>
> > Hi Russell,
Hi Russell,
Thanks for the reply.
On 14:42 +0800 / 6 Apr, Russell Keith-Magee wrote:
>
> Hi Rohan,
>
> Apologies for the lack of response. Anyone who has put effort into writing up
> a proposal certainly deserves a response of some kind, so we've dropped the
> ball he
thing of value. Maybe someone
could work over that, even me if I get the time.
--
Rohan
On 23:40 +0530 / 31 Mar, Rohan Jain wrote:
> Hi,
>
> I am Rohan Jain, a 4th (final) year B.Tech undergraduate Student
> from Indian Institute of Technology, Kharagpur. I have been using
> djan
Hi,
I am Rohan Jain, a 4th (final) year B.Tech undergraduate Student
from Indian Institute of Technology, Kharagpur. I have been using
django for over a year and generally look into the code base to find out
about various implementations. I have made attempts to make some minor
contributions and if
These are some auth settings and models I propose to account for the
generally raised questions for auth.User flexibility.
Settings:
- AUTH_USER_EMAIL_UNIQUE
If the email should be unique for users. It is a rare case when a website
would have users sharing emails. It is more likely oth
I am also trying to achieve something highly similar to this but in a
dilemma, for how to proceed. I have written a post about this:
http://www.rohanjain.in/blog/hosting-multiple-sites-with-same-django-project/.
Is there any existing big project following a similar concept?
http://lecturetheory.blogspot.com/
*Organisation*
* *
*A. Learning Objectives:*
The objectives of this week topic are to expose students to
1. What is organization and how it operates within the business
environment.
2. How its operation differs from one place to another base on th