On 4 August 2014 17:47, Florian Apolloner <f.apollo...@gmail.com> wrote:
> (eg credit card data could still get leaked, so you'd still have to
> disable gzip).

This patch is entirely about preventing leakage of the CSRF token specifically; as I understand it (again, disclaimer) it should do that pretty effectively, but of course it will do nothing at all to stop leakage of any other data.

> What is wrong with xor+base64? Not that Vigenère cipher is complex, but we
> have a pretty hard stance against implementing "crypto" on our own.

Nothing, really; that's probably what I would have used had FunkyBob not suggested the Vigenère cipher. That's a perfectly reasonable stance, and I can change the patch to do that if it's preferable.
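A sketch of the xor+base64 masking discussed in this message, added here as an illustration and not taken from the thread's patch or from Django's code: each response carries a fresh random pad plus the pad XORed with the CSRF secret, so the token bytes in a gzip-compressed body change on every response while the server can still recover and compare the secret. The function names and the 32-byte secret length are assumptions.

```python
import base64
import hmac
import secrets

SECRET_BYTES = 32  # assumed secret length for this sketch


def _xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def mask_token(secret: bytes) -> str:
    """Encode `secret` for one response; the output differs on every call."""
    pad = secrets.token_bytes(len(secret))  # fresh random pad per response
    # Emit pad || (pad XOR secret). Both halves look random, so a repeated
    # secret never shows up as repeated bytes in the compressed body.
    return base64.urlsafe_b64encode(pad + _xor(pad, secret)).decode("ascii")


def unmask_token(masked: str) -> bytes:
    """Recover the secret from a masked token; ValueError if malformed."""
    # binascii.Error and UnicodeEncodeError are both ValueError subclasses.
    raw = base64.urlsafe_b64decode(masked.encode("ascii"))
    if len(raw) == 0 or len(raw) % 2:
        raise ValueError("malformed token")
    half = len(raw) // 2
    return _xor(raw[:half], raw[half:])


def tokens_match(masked: str, secret: bytes) -> bool:
    """Check a submitted masked token against the stored secret."""
    try:
        candidate = unmask_token(masked)
    except ValueError:
        return False
    # Constant-time comparison so the check itself leaks nothing via timing.
    return hmac.compare_digest(candidate, secret)


if __name__ == "__main__":
    secret = secrets.token_bytes(SECRET_BYTES)  # constructed sample secret
    first, second = mask_token(secret), mask_token(secret)
    print(first != second, tokens_match(first, secret))
```

As the message says, this only protects the token itself; any other secret reflected in a compressed response is unaffected.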