I think using subclass of User model for your fields has the same
flexibility as separate profile model (since you can have only one).
contrib.auth can be fairly simply adjusted to use custom User model
from settings instead of always using its own User.
In that sense I am totally for homogenizatio
On 03/18/2011 08:09 AM, Alexander Schepanovski wrote:
> I think using subclass of User model for your fields has the same
> flexibility as separate profile model (since you can have only one).
You can have multiple subclasses of the User model (not that I recommend
subclassing).
> contrib.auth
On Fri, Mar 18, 2011 at 2:22 PM, Carl Meyer wrote:
>
>
> On 03/18/2011 08:09 AM, Alexander Schepanovski wrote:
>> I think using subclass of User model for your fields has the same
>> flexibility as separate profile model (since you can have only one).
>
> You can have multiple subclasses of the Us
i got a problem that drains me. I created an application/interface
that a certain thing would need to create a file on a particular
share. problem is that I get IOError code 13. There are some
restrictions in Django that they not know?
strange is that if I make a first os.path.isdir () and returns
On Fri, Mar 18, 2011 at 11:57 AM, mik3langelo wrote:
> i got a problem that drains me. I created an application/interface
> that a certain thing would need to create a file on a particular
> share. problem is that I get IOError code 13. There are some
> restrictions in Django that they not know?
>
On 18/03/11 04:59, Alex Kamedov wrote:
> On Thu, Mar 17, 2011 at 9:26 PM, Calvin Spealman wrote:
>
>> -1 On django manipulating PYTHONPATH
>
> +1 On encouraging people to keep their applications out of their project!
>>
> I think, it's a good idea to add new option to startapp command for create
I implemented it in a gist https://gist.github.com/876324
--
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com.
To unsubscribe from this group, send email to
django-develop
If you're using HTTPS, the CsrfViewMiddleware performs a same_origin
check on the domain.
Two questions:
1. What security issue does this prevent? (I assume some kind of MITM,
but I don't understand why would be important for HTTPS and not for
HTTP.)
2. Because the check uses request.get_host(),
did this get lost?
It is accepted one year ago, but did not get in...
regards
Henrik
--
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com.
To unsubscribe from this group,
This check prevents a MITM from injecting an HTTP based form/csrf
token pair along with javascript to auto-submit it to an HTTPS target.
Any HTTP request is vulnerable to all kinds of MITM and there's
nothing we can do about it, but an HTTPS-based request should be as
secure as possible even with
Ah; now that I understand the purpose of the check, it all makes sense
to me. Thanks, Paul!
-Dave
--
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To post to this group, send email to django-developers@googlegroups.com.
To unsubscribe from
On 18 мар, 21:22, Carl Meyer wrote:
> On 03/18/2011 08:09 AM, Alexander Schepanovski wrote:
>
> > I think using subclass of User model for your fields has the same
> > flexibility as separate profile model (since you can have only one).
>
> You can have multiple subclasses of the User model (not t
On Sat, Mar 19, 2011 at 4:41 AM, Henrik Genssen
wrote:
> did this get lost?
> It is accepted one year ago, but did not get in...
Yes, it has been accepted. That means that someone (in this case, me)
acknowledged that the problem described is real and worth addressing.
However, the ticket hasn't
On 03/18/2011 07:22 AM, Carl Meyer wrote:
Don't use AUTH_PROFILE_MODULE or .get_profile(). As far as I'm concerned
they bring almost nothing to the table except for the "there can be only
one" restriction
+1
Just use OneToOneField and the regular ORM access descriptors, and you
can have as ma
14 matches
Mail list logo
