One thing that Django would definitely benefit from is support for
simple protection against CSRF attacks. The admin site should have
this turned on by default, and some kind of mechanism for easily
applying it to custom code would be welcome as well.
CSRF attacks are described in detail
On Sep 14, 2005, at 9:25 AM, John Madson wrote:
There's been almost no discussion of Django's approach to security,
either on this list, the users list, Trac, or in the documentation.
Web application security is under heavy scrutiny these days and there's
nary a framework out there that's taki
On 9/14/05, John Madson <[EMAIL PROTECTED]> wrote:
> A thorough discussion leading to an audit of Django's security
> methodology is, in my mind, essential before the 1.0 milestone. How do
> people feel about this?
Sounds great. Let's do it!
Adrian
--
Adrian Holovaty
holovaty.com | djangoproj
There's been almost no discussion of Django's approach to security,
either on this list, the users list, Trac, or in the documentation.
Web application security is under heavy scrutiny these days and there's
nary a framework out there that's taking it seriously. This seems like
an opportunity for