There isn't any found yet? But seriously... we should have a 'security' page which covers Django 'best-practices' in that area. There has been some recent discussion on the developer list about how to accept parameters defensively.
There is also a cross site request forgery prevention component here: http://lukeplant.me.uk/resources/csrfmiddleware/

regards
Ian.

On 11/26/05, Kenneth Gonsalves <[EMAIL PROTECTED]> wrote:
>
> hi,
> have been talking to some php folk about switching to django, but
> they have raised a serious concern: Django website does not have a
> page for security alerts and the django team has not released any
> security patches - so they feel very uneasy about the whole thing.
> Can this defect somehow be rectified?
> --
> regards
> kg
>
> http://www.livejournal.com/users/lawgon
> tally ho! http://avsap.org.in
> ಇಂಡ್ಲಿನಕ್ಸ வாழ்க!
>

--
[EMAIL PROTECTED] -- ++61-3-9877-0909
If everything seems under control, you're not going fast enough. - Mario Andretti