Move tutorials to own page on DjangoResources?

2007-03-13 Thread Simon G.
Does anyone object/disagree if I move all the tutorials off the DjangoResources page (1), to a new page (2) to give them some more room to 'breathe'? I'll take a crack at categorising them too - pre- MR, components, etc. (1) http://code.djangoproject.com/wiki/DjangoResources (2) http://code.dja

why manage.py sets sys.path to both . and ..

2007-03-13 Thread Ilya Semenov
Hi everyone, I'm getting into problems because manage.py sets sys.path to both its folder _and_ the parent folder. I find this kind of magic frustrating because of the following reasons: 1. I'm unable to have package name "project.project" When I build a simple project with a single app, I would

{% url %} for generic views (proposal)

2007-03-13 Thread Ivan Sagalaev
Hello! I was lazily thinking about making {% url %} and "reverse" to work for generic views ("GV"). The main problem why reversing doesn't work for GV is that it relies on view's name to be unique while GVs obviously have the same name for many URLs (that makes them "generic"). Hence a signat

Re: Move tutorials to own page on DjangoResources?

2007-03-13 Thread Russell Keith-Magee
On 3/13/07, Simon G. <[EMAIL PROTECTED]> wrote: > > Does anyone object/disagree if I move all the tutorials off the > DjangoResources page (1), to a new page (2) to give them some more > room to 'breathe'? I'll take a crack at categorising them too - pre- > MR, components, etc. Sounds like a goo

Re: Move tutorials to own page on DjangoResources?

2007-03-13 Thread Rubic
On Mar 13, 6:10 am, "Simon G." <[EMAIL PROTECTED]> wrote: > http://code.djangoproject.com/wiki/DjangoResources Simon, It might also be worth giving greater prominence to http://www.djangosnippets.org. The site is almost hidden as the 22nd item listed under Open Source Django Projects. It might

Re: {% url %} for generic views (proposal)

2007-03-13 Thread Jacob Kaplan-Moss
On 3/13/07, Ivan Sagalaev <[EMAIL PROTECTED]> wrote: > I was lazily thinking about making {% url %} and "reverse" to work for > generic views ("GV"). I've been thinking about this a bunch myself. I came up with some ideas similar to yours, but so far they're just in my head. I'll try to write 'em

Re: Enforcing MySQLdb version(?)

2007-03-13 Thread Jacob Kaplan-Moss
On 3/10/07, Malcolm Tredinnick <[EMAIL PROTECTED]> wrote: > However, the more I think about this the more I think we should be > throwing an error if they are using an older version, particularly in > the new (0.96) release. If you are using the older version you will see > bugs. There is no quest

Re: {% url %} for generic views (proposal)

2007-03-13 Thread Ivan Sagalaev
Jacob Kaplan-Moss wrote: > I've been thinking about this a bunch myself. I came up with some > ideas similar to yours, but so far they're just in my head. I'll try > to write 'em up, but in the time being I'd love to see you (or > someone) start hacking on some code! Ok! For the reference: http:

Re: Tickets on send_mass_mail functionality (multipart/encoding/TLS/BCC)

2007-03-13 Thread Jacob Kaplan-Moss
On 3/12/07, Gary Wilson <[EMAIL PROTECTED]> wrote: > I asked Jacob to take a quick look at this ticket during the PyCon > sprint. His comments were (1) the send method on EmailMessage is > kinda neat and (2) we would need to keep send_mail() and > send_mass_mail() functions around for backwards c

Re: Google Summer of Code 2007

2007-03-13 Thread Jannis Leidel
While being interested in becoming a soc student for this year myself I would like to encourage you to enlist as mentors and continue the submission of project ideas on the wiki page [1]. Best, Jannis [1] http://code.djangoproject.com/wiki/SummerOfCode2007 Am 27.02.2007 um 05:05 schrieb Jos

Re: why manage.py sets sys.path to both . and ..

2007-03-13 Thread John Calixto
Hi Ilya, I'll just speak about how I organize my django work. This diagram might help you: http://www.calixto.net/john/djangoproj_layout.txt It probably doesn't address your #1 (naming the app the same as the project). However, I think having an app called "site" would scale well should you d

newsessions

2007-03-13 Thread SmileyChris
Anton Khalikov opened a new ticket pointing out a hole in the current session framework which can cause session id collisions. He's put together a newsessions package which could be good, but obviously needs some discussion (here). So, discuss away! http://code.djangoproject.com/ticket/3716

Re: newsessions

2007-03-13 Thread James Bennett
On 3/13/07, SmileyChris <[EMAIL PROTECTED]> wrote: > Anton Khalikov opened a new ticket pointing out a hole in the current > session framework which can cause session id collisions. The proposed solution for collision (more on that in a moment) seems good -- the bug seems to happen solely because

Re: newsessions

2007-03-13 Thread Michael Radziej
Hi, as far as I see, newsessions checks REMOTE_IP. Is this a good idea? a) the client can sit behind a NAT that might hand out different IPs b) the server can be behind NAT and not see the true IP at all. It might see different IPs for the same client over time. c) a crazy load balancer might

Mentors still needed for Google Summer of Cod

2007-03-13 Thread Jacob Kaplan-Moss
Howdy folks -- We still need developers to be mentors for the Summer of Code. This essentially means helping a student as s/he implements some cool new feature, and making sure that s/he completes things on time. If you've been around here for a bit and want to *really* help us out, please sign

Re: newsessions

2007-03-13 Thread James Bennett
On 3/13/07, Michael Radziej <[EMAIL PROTECTED]> wrote: > a) the client can sit behind a NAT that might hand out different IPs > b) the server can be behind NAT and not see the true IP at all. It >might see different IPs for the same client over time. > c) a crazy load balancer might get in the

Re: newsessions

2007-03-13 Thread Simon G.
I actually passed this onto the security mailing address, as I thought it was better to be safe than sorry. Adrian's response was that tying things to the IP address is not a good idea (for the reasons that others have stated in this thread). One thing that I would like to suggest is that we do l

Re: newsessions

2007-03-13 Thread David Danier
SmileyChris wrote: > Anton Khalikov opened a new ticket pointing out a hole in the current > session framework which can cause session id collisions. Could be easily fixed with providing Model._update() and Model._insert() as proposed here: http://groups.google.com/group/django-developers/browse_

DateField and DateTimeField and auto_now, auto_now_add

2007-03-13 Thread Norjee
Both have the behaviour that "the current date is always used". For auto_now, it means it is impossible to set a custom timestamp. For auto_now_add it means you first have to create the object, save it, set custom stamp, save again. First it is odd that if it is intended for the timestamp to be wr

Re: newsessions

2007-03-13 Thread Jeremy Dunck
On 3/13/07, Simon G. <[EMAIL PROTECTED]> wrote: > There's also no reason for a > "normal" user to change UA strings without needing to login again. UA strings change on every minor rev of some browsers, plus various tool versions (.net, etc.). Having those users logged out would suck for my purp

Re: DateField and DateTimeField and auto_now, auto_now_add

2007-03-13 Thread Honza Král
On 3/13/07, Norjee <[EMAIL PROTECTED]> wrote: > > Both have the behaviour that "the current date is always used". For > auto_now, it means it is impossible to set a custom timestamp. For > auto_now_add it means you first have to create the object, save it, > set custom stamp, save again. > > First i

Re: newsessions

2007-03-13 Thread ak
Guys I would like to explain some things and decisions in my code. 1. REMOTE_IP. I think it is a good idea to check it. Load balancers act as proxy servers. Every web server has a module that allows restoring REMOTE_IP from X-FORWARDED-FOR, for example Apache's module is called mod_rpaf. And ofc

Re: newsessions

2007-03-13 Thread ak
Even more on remote ip checking: it can be done in a flexible way when user is able to set either don't ever use it, check remote ip, check user agent name or even both remote ip and user agent for paranoids :) I think everyone understands that it's about 2-3 more lines of code.

Re: newsessions

2007-03-13 Thread James Bennett
On 3/13/07, ak <[EMAIL PROTECTED]> wrote: > 1. REMOTE_IP. I think it is a good idea to check it. Load balancers > act as proxy servers. Every web server has a module that allows > restoring REMOTE_IP from X-FORWARDED-FOR, for example Apache's module is > called mod_rpaf. And of course it's very ea

Re: newsessions

2007-03-13 Thread ak
> I'm still wary of this -- again, it doesn't do anything to prevent > man-in-the-middle, and it introduces complexity and -- if we're > worried about session collisions -- introduces a whole new class of > bugs when you have a bunch of people behind a NAT or firewall who all, > from the POV of yo

Re: newsessions

2007-03-13 Thread James Bennett
On 3/14/07, ak <[EMAIL PROTECTED]> wrote: > 2. I have an ethernet connection @home and I sometimes log in to our > private web apps from home. Any 'c00l hacker' is able to scan network > traffic, get my session id and use it to join to my session too just > because there is absolutely no checking

Re: newsessions

2007-03-13 Thread ak
> so it doesn't get us any real improvement in security James, there is a concept of 'fool proof'. Real hackers may do many things. But current model allows even 10 year old kids to be hackers. This is just against them. There is no ability to protect all sites with ssl and I would not like a nei

Re: newsessions

2007-03-13 Thread ak
Default django installation uses session lifetime equal to 2 weeks with no session expiration at browser close. Just calculate what should be a default strength of session id generator to successfully generate unique IDs within 2 weeks for a web app with 1 000 000 unique visitors per day. As far

Re: How to use Django session without browser cookies support

2007-03-13 Thread Malcolm Tredinnick
On Mon, 2007-03-12 at 20:52 -0700, Sengtha wrote: > I am currently working on one project which needs to view page on > browser that doesn't support cookies. > By what I know, all Django sessions are based on browser cookies. And > Django sessions are saved in django_session table. I wonder there i

Re: Server-side cursors in psycopg2

2007-03-13 Thread Malcolm Tredinnick
Hey Jeremy, On Mon, 2007-03-12 at 23:15 -0500, Jeremy Dunck wrote: > Over on the psycopg2 list, I saw a mention that psycopg2 supports > optional server-side cursors, which is good for client-side memory > usage but requires more network round-trips to fetch the whole > resultset. (Apparently, b

Re: i18n: newforms - label and help_text don't work with _('')

2007-03-13 Thread Malcolm Tredinnick
On Tue, 2007-03-13 at 06:45 +, Boris Erdmann wrote: > Hi, > > sorry for cross posting: > > > The __init__ method of the newforms.Field class normalizes labels and > help_text by using smart_unicode(). > > This seems to break gettext_lazy. The marked string gets evaluated too > early? > > W