I think they nibble at it. They look at the compressed length - the shorter
the compressed length, the closer they are. But if an incorrect CSRF was never
reflected there would be nothing for them to nibble at. It says this in the
paper: "However, we remark that requiring a valid CSRF token for all
req
only need to obfuscate it enough to defeat the
> compression scheme, not an adversarial attacker.
>
>
> On Wed, Aug 7, 2013 at 3:23 AM, Simon Blanchard wrote:
>
>> I think they nibble at it. They look at the compressed length - the
>> shorter the compressed length closer t
Hi
Just FYI: back in 2007 GSOC there was a project to add constraints. The
syntax was as follows:
class Manufacturer(models.Model):
    mfg_name = models.CharField(maxlength=50)
    car_sale_start = models.DateField()
    car_sale_end = models.DateField()
    quantity_sold = models.IntegerField()
    car_price = mod
If I may point to a new ticket I just created related to sessions and
race conditions
http://code.djangoproject.com/ticket/6984
It fixes a lot of weirdness I was experiencing. It is still not thread
safe though I am not sure that is an issue since in my (limited)
testing there was a one-to-one ma
On Tue, Apr 22, 2008 at 1:26 AM, Rob Hudson <[EMAIL PROTECTED]> wrote:
>
> Simon Willison wrote:
> > Of course, this behaviour is documented... but I think it's reasonable
> > to expect that many people will miss that part of the docs.
>
> Where? I didn't know about this and feel like I've re