Hello Carl, hello Florian,
thank you both for your replies, I feel confident that we'll sort it out
now.
On Friday, September 19, 2014 5:56:08 PM UTC+2, Carl Meyer wrote:
> I can't say for sure without checking, but I would be very surprised if
> anything in Django's session code has a hard rest
Hi Nikolai,
On 09/19/2014 05:50 AM, Nikolai Prokoschenko wrote:
> the people responsible for the Apache part of our Django application
> have recently introduced a policy for mandatory use of mod_security with
> OWASP ruleset. The SQL injection rule [1] has raised their attention,
> because it ha
Hi Nikolai,
On Friday, September 19, 2014 1:50:33 PM UTC+2, Nikolai Prokoschenko wrote:
>
> 1. Has there been some security audit in the past which confirmed that
> session ID handling inside Django is not vulnerable to SQL injection
> attacks?
>
Nothing public that I am aware of, no.
2. Can I
Hello,
(disclaimer: it's a security question and I don't have any proper expertise
in this area, so please bear with me)
the people responsible for the Apache part of our Django application have
recently introduced a policy for mandatory use of mod_security with OWASP
ruleset. The SQL injectio