Currently, when you order a security audit on a Django project from any of the 
firms I've seen so far (including my own), all inputs fall short on stuff like:

"First name input: allows special caracters such as <>/"' which may cause a 
security issue with further developments done on the same database but outside 
Django".

As far as I can imagine, special caracters would be acceptable on inputs that 
should accept code or some kind of math, which is not the case for most inputs.

Django should harden default input validation to make it easier for Django 
projects to get a good grade on security audits, without having to go over all 
fields to setup basic input validators.

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers  (Contributions to Django itself)" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-developers+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-developers/EiNHz_fmHLmQXZ5ChTG0qrnp8BrP0s75szk9oDolStpIyMSz71B3yesI7U6K8QZNkUmeAN6v6zMhExwhwcbtGNeaOUgubDOIDK-Q4cVFvOw%3D%40protonmail.com.
  • ... '1337 Shadow Hacker' via Django developers (Contributions to Django itself)
    • ... Kacper Szmigiel
      • ... Adam Johnson
        • ... '1337 Shadow Hacker' via Django developers (Contributions to Django itself)
        • ... Matthew Pava
          • ... Adam Johnson
        • ... אורי
          • ... '1337 Shadow Hacker' via Django developers (Contributions to Django itself)
            • ... René Fleschenberg
              • ... '1337 Shadow Hacker' via Django developers (Contributions to Django itself)
    • ... Curtis Maloney

Reply via email to