On Fri, Jul 23, 2010 at 12:59 AM, Russell Keith-Magee
wrote:
> On Fri, Jul 23, 2010 at 4:37 AM, Alex Gaynor wrote:
>> Hey all,
>>
>> As I said in my last update, this week I've been working on some
>> ListField stuff. So far I have a basic ListField implemented, with a
>> syntax of models.ListFi
On Tue, Jul 13, 2010 at 9:48 AM, Jannis Leidel wrote:
>
> On 13.07.2010 at 01:35, Russell Keith-Magee wrote:
>
>>> On Sun, Jul 11, 2010 at 10:36 AM, Antoni Aloy wrote:
Hi,
I have confirmed the bug with other non speaking people and I have
sent an e-mail to django-i18n group t
2010/7/26 Craig Younkins :
>> "As far I can determine, only badly-written user code could result in
>> SQL injection."
>
> And with that statement you define the world of application security. Nearly
> all the exploits and vulnerabilities we see are not because the security
> controls don't exist -
>
> "As far I can determine, only badly-written user code could result in
> SQL injection."
And with that statement you define the world of application security. Nearly
all the exploits and vulnerabilities we see are not because the security
controls don't exist - it's because they aren't used co
On Mon, Jul 26, 2010 at 1:38 PM, Alex Gaynor wrote:
> Bzzz :), we do flush the entire session here:
> http://code.djangoproject.com/browser/django/trunk/django/contrib/auth/__init__.py#L84
Ah, you're right - thanks. Looks like it's been that way for a while:
http://code.djangoproject.com/changese
On Mon, Jul 26, 2010 at 2:57 PM, Jacob Kaplan-Moss wrote:
> Hi Craig --
>
> Once again, thanks for this work; I can see it paying off big. And I
> know you know this, but for the benefit of anyone else reading this
> thread:
>
> **PLEASE report any security issues — potential or otherwise — to
> s
Hi Craig --
Once again, thanks for this work; I can see it paying off big. And I
know you know this, but for the benefit of anyone else reading this
thread:
**PLEASE report any security issues — potential or otherwise — to
secur...@djangoproject.com.**
(More on our security policy:
http://docs.d
At Python Security [1] we are beginning to turn our focus towards an
in-depth but informal review of Django. Below is an excerpt from the email
[2] I sent to our mailing list:
[4] is the wiki page for Django. As you can see, we already have a
bunch of information.
In particular, I've taken a look
On Mon, Jul 26, 2010 at 9:44 AM, Ramiro Morales wrote:
> Richard has opened ticket [1]14000 for tracking work on this.
14,000!
> One additional question: Should the 'versionchanged' notes
> get the same treatment?
Yeah, I think so. Remember: we might need to edit/rewrite certain
sections to cle
On Fri, Jul 23, 2010 at 4:49 PM, Jacob Kaplan-Moss wrote:
> On Fri, Jul 23, 2010 at 9:37 AM, Jeremy Dunck wrote:
>> I think maybe the rendering can just be altered to ignore tags with
>> the old values?
>
> Actually, I think I'd rather just remove them -- plenty of people
> (including me) read th
On Sun, Jul 25, 2010 at 1:13 PM, faldridge wrote:
> I have an open ticket that adds a get_flatpages template tag to the
> flatpages contrib app to retrieve and iterate over all the installed
> flatpages for a given site.
>
> The ticket is #6932; it is in the 'accepted' triage stage with a patch
>
On Sat, Jul 24, 2010 at 4:07 PM, Carl Meyer wrote:
> It's not obvious to me why .extra or .raw are the appropriate analogy
> here, instead of the rest of the ORM API, which does attempt to
> present the same semantics regardless of backend.
>
The issue is about values passed, not about semantics