Django and SSL

[James Schneider]

Outside of the various guides for implementing SSL using various
combinations like Apache/Nginx/uWSGI/GNUnicorn etc., there are only a few
other things I would watch out for:

Ensure that your server (or hosting provider) has been patched against the
Heartbleed vulnerability (CVE-2014-0160) in the recent versions of OpenSSL
(almost all providers use Linux for their hosts, and all of those probably
rely on OpenSSL libraries to handle the TLS encryption). If you don't know
what I'm talking about, you probably shouldn't be running your own server
(i.e. a VPS), yet. Any halfway decent hosting provider is already well
aware and has implemented the proper patches for you.

Make sure that your site is generating internal links correctly, i.e.,
generating relative links rather than absolute URL's. If you are consistent
in using the {% url %} tag, and none of your href= attributes start with
"http://";, it should be a seamless transition. Same goes for JavaScript
calls or references to CDN's, etc.

Also, if your site may/can use different domain names, make sure to list
all possibilities either in the CN or SAN fields in your CSR when
requesting the certificate. Note that example.com and www.example.com are
different domains when it comes to SSL certificates. Stay away from
wildcard domain certificates if possible (i.e. *.example.com), be explicit.
If you use a separate subdomain for static content (recommended), even on
the same server, include that as well.

Good luck!

-James


On Thu, Apr 24, 2014 at 6:25 AM, Venkatraman S

> wrote:

> And I prefer being on nginx + uWSGI.
>
>
> On Thu, Apr 24, 2014 at 1:05 PM, Venkatraman S 
> 
> > wrote:
>
>> Hi,
>>
>> Am an SSL newbie and am trying to understand various facets of moving a
>> webapp to ssl. Are there any learnings that the group can share w.r.t
>> moving a django site to ssl? Any pitfalls or things to be careful about. Or
>> is it a totally independent activity with no side effects on the
>> application design and deployment.
>>
>> Am referring to Philips's 
>> guidefor 
>> now, but any other recommendations?
>>
>> Regards,
>> Venkat
>>
>
>  --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to 
> django-users+unsubscr...@googlegroups.com
> .
> To post to this group, send email to 
> django-users@googlegroups.com
> .
> Visit this group at http://groups.google.com/group/django-users.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/CAN7tdFTq3Ly5YzgxaJCasSDc39T8eA3RUjMV2sNs-H-m01EfgQ%40mail.gmail.com
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CA%2Be%2BciUuDW02ACPWR3cnaktJrc8Czpx6cruwaqEsMggVVfKkZg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Django

[Srinivasulu Reddy]

Hello Lee,

Thank you Lee, after changing the code according to your suggestion, 
it's working.  

On Saturday, April 26, 2014 1:35:58 AM UTC+5:30, Lee wrote:
>
> In case you dont see my email, I copy my reply here too:
>
> Hi, 
>
> Your problem is in the results view function. I'm not sure what version 
> of the tutorial you are following, but assuming you are using Django 1.6, 
> the following:
>
> def results(request, poll_id):
> poll = get_object_or_404(Poll, poll_id)
> return render(request, 'poll/results.html', {'poll':poll})
>
> Should be:
>
> def results(request, poll_id):
> poll = get_object_or_404(Poll, pk=poll_id)
> return render(request, 'poll/results.html', {'poll':poll})
>
> Hope it helps. 
>
> On Saturday, 19 April 2014 07:07:38 UTC+1, Srinivasulu Reddy wrote:
>>
>>
>> Hello folks,
>>  I am new to python/django . i am earning myself i want 
>> to know effective way of learning python / django . i am following django 
>> book for django .  Light bird apps also.
>>
>> So please anyone can help me to find the good way learn the python / 
>> django . I love to learn the python / django .
>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/5d6deff8-8c4c-4539-9586-e17feb2c37e7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: What are the active Django e-commerce frameworks right now (2014)?

[Brutus Schraiber]

Thanks 'somecallitblues' I will definitely take a closer look at Mezzanine 
and Cartridge.

But I'm kinda baffled. Only one answer after two weeks?

Sure webshops might not be the hot topic anymore than they where a good 
couple of years ago, and most people just use PHP and Magento anyway, but 
still?

Was my question too long? Is this the wrong place to ask such questions?

I know I generally should use stackoverflow etc. first, but this is not the 
kind of question thats welcome there...

Any chance I get some more opinions on this? Or hints where I can get such?

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/19760105-a19b-4b6b-8e9d-0689686d274f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Django explicit `order_by` by ForeignKey field

[alTus]

Thanks! Yes, this sounds logical. Haven't found anywhere here how to move 
theme to another "forum". Is this possible? Or I should just copy it?

суббота, 26 апреля 2014 г., 9:33:49 UTC+4 пользователь Simon Charette 
написал:
>
> Actually the FieldError is not raised anymore in Django 1.7 (and master) 
> and issuing a .order_by('group_id') is the equivalent of .order_by('group') 
> which respect related model ordering if defined.
>
> I would argue we should seize the opportunity to provide a way of opting 
> out of this default behavior while maintaining backward compatibility by 
> shipping this in Django 1.7.
>
> I'm afraid that if we wait until 1.7 is released with this *fix* we'll 
> have to provide an extra api to .order_by (say follow=False) to fix this 
> correctly.
>
> We should move this discussion forward to django-developers in order to 
> get feedback from the community.
>
> Simon
>
> Le vendredi 25 avril 2014 18:50:55 UTC-4, alTus a écrit :
>>
>> Hi. So I have some small models:
>>
>> class Group(models.Model):
>> name = models.CharField()
>> 
>> class Meta:
>> ordering = ('name',)
>>
>> class Entity(models.Model):
>> name = models.CharField()
>> group = models.ForeignKey(Group, null=True)
>>
>> Now I want to perform a really simple query like this:
>>
>> SELECT * FROM `app_entity`
>> WHERE `app_entity`.`name` = 'something'
>> ORDER_BY `app_entity`.`group_id` ASC;
>>
>> Note that I really want to order by the field itself with no useless 
>> joins or smth else. So I write smth like that:
>>
>> Entity.objects.filter(name='something').order_by('group')
>>
>> and django happily makes this query:
>>
>> SELECT `app_entity`.`id` FROM `app_entity`
>> LEFT OUTER JOIN `app_group` ON ( `app_entity`.`group_id` = 
>> `app_group`.`id` )
>> WHERE `app_entity`.`name` = 'smth' 
>> ORDER BY `app_group`.`name` ASC
>>
>> According to the docs it uses default Group model ordering and this 
>> default behaviour makes sense.
>> And I need this ordering to be set (for admin and some other places).
>> If I don't set ordering param in Group.Meta - I get what I want: explicit 
>> query shown above (1st one).
>> But as I said I need it. And I just can't get this query easily.
>> So we have some sort of inconsistant behaviour - I can do the right thing 
>> without ordering param and I can't do it with it.
>>
>> order_by('group_id') doesn't work and raises FieldError.
>> For now I'm using extra(order_by=['app_entity.group_id']) or even 
>> order_by('app_entity.group_id') but it's quite ugly and it's still such a 
>> trivial thing that should have a simple and straight ORM solution.
>>
>> As I think this might be considered as a bug or smth. In django sourses I 
>> found some place where field names lile `group_id` work.
>> For example, `values_list` method. But this behaviour is marked as a hack 
>> there.
>>
>> So the first question is whether do I miss smth and it can be done 
>> somehow.
>> And the second, if not, do I need to submit a ticket for this.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/6a8247f6-9f2c-4cd4-a478-98c3ad4c48a3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Django and SSL

[Venkatraman S]

On Sat, Apr 26, 2014 at 2:46 PM, James Schneider wrote:

> If you use a separate subdomain for static content (recommended), even on
> the same server, include that as well.
>


Thanks James. I did not know this(subdomain for static content) was
recommended. Why?

Regards,
Venkat

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CAN7tdFSzWbUm8ejN16exktHfTK2RjwPMZESKoTSDOPYYVFZC6g%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Django and SSL

[James Schneider]

Using a separate sub domain future-proofs your site in the event it grows
large and you need to split your dynamic and static content between
servers.

It also makes it easier to parse statistics from the logs. Most web log
analyzers will handle a separate sub domain out of the box better than
using a sub directory (although both should work fine if your log analysis
tool is decent) when trying to determine hits to dynamic content vs. static
content.

Don't stress on it for lower traffic sites though. Start with the basics
and work your way up to fancy.

Just my personal thoughts. :-D

-James



On Saturday, April 26, 2014, Venkatraman S  wrote:

>
> On Sat, Apr 26, 2014 at 2:46 PM, James Schneider 
> 
> > wrote:
>
>> If you use a separate subdomain for static content (recommended), even on
>> the same server, include that as well.
>>
>
>
> Thanks James. I did not know this(subdomain for static content) was
> recommended. Why?
>
> Regards,
> Venkat
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to 
> django-users+unsubscr...@googlegroups.com
> .
> To post to this group, send email to 
> django-users@googlegroups.com
> .
> Visit this group at http://groups.google.com/group/django-users.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/CAN7tdFSzWbUm8ejN16exktHfTK2RjwPMZESKoTSDOPYYVFZC6g%40mail.gmail.com
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CA%2Be%2BciW-7aKOHn2J1X0hACfhuEy6giRHAKWf8kzfPmS7CJdZWQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: What are the active Django e-commerce frameworks right now (2014)?

[Jared Nielsen]

Check out Stripe. Not a framework, but very easy to implement with Django. 

On Saturday, April 26, 2014 4:57:51 AM UTC-6, Brutus Schraiber wrote:
>
> Thanks 'somecallitblues' I will definitely take a closer look at Mezzanine 
> and Cartridge.
>
> But I'm kinda baffled. Only one answer after two weeks?
>
> Sure webshops might not be the hot topic anymore than they where a good 
> couple of years ago, and most people just use PHP and Magento anyway, but 
> still?
>
> Was my question too long? Is this the wrong place to ask such questions?
>
> I know I generally should use stackoverflow etc. first, but this is not 
> the kind of question thats welcome there...
>
> Any chance I get some more opinions on this? Or hints where I can get such?
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/8fe6df44-6bbe-4a54-9c63-fa6c6d5b733f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: What are the active Django e-commerce frameworks right now (2014)?

[donarb]

On Saturday, April 26, 2014 3:57:51 AM UTC-7, Brutus Schraiber wrote:
>
> Thanks 'somecallitblues' I will definitely take a closer look at Mezzanine 
> and Cartridge.
>
> But I'm kinda baffled. Only one answer after two weeks?
>
> Sure webshops might not be the hot topic anymore than they where a good 
> couple of years ago, and most people just use PHP and Magento anyway, but 
> still?
>
> Was my question too long? Is this the wrong place to ask such questions?
>
> I know I generally should use stackoverflow etc. first, but this is not 
> the kind of question thats welcome there...
>
> Any chance I get some more opinions on this? Or hints where I can get such?
>


What you may want to do is to go to some of the projects that you initially 
listed and ask questions of the users on their mailing lists as to what 
sorts of stores they are creating and why they picked that particular 
library.

I have been looking at some of the packages myself for some projects I'm 
wanting to do and I like what Oscar seems to be doing. Their Github account 
is pretty active and lots of good features are being added. 

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/34f402f0-0e65-49ac-adee-f93e285fd341%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Loading data in migrations

[Tim Chase]

According to [1]

"""
[automatically loading initial data via fixtures is d]eprecated since
version 1.7: If an application uses migrations, there is no automatic
loading of fixtures. Since migrations will be required for
applications in Django 1.9, this behavior is considered deprecated.
If you want to load initial data for an app, consider doing it in a
migration.
"""

However, the docs don't link to how that data should be furnished to
the migration.  As best I can tell from reading[2], it sounds like
one needs to create a Python function that creates & saves the data,
and then provide that function to migrations.RunPython to be
executed.  Is this correct, or is there some easier way to provide
that initial data to an app?

Thanks,

-tkc

[1]
https://docs.djangoproject.com/en/dev/howto/initial-data/#automatically-loading-initial-data-fixtures

[2]
https://docs.djangoproject.com/en/dev/topics/migrations/

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/20140426155141.08babef1%40bigbox.christie.dr.
For more options, visit https://groups.google.com/d/optout.

Re: Casting a raw query set as a list for pagination

[Matt Buck]

I've created a paginator for RawQuerySets. 
 https://github.com/seamusmb/django-paginator-rawqueryset

On Tuesday, March 26, 2013 5:51:41 AM UTC-4, chambe...@gmail.com wrote:
>
> I'm trying to implement Django's built in pagination feature with a raw 
> query set. I've researched the issue and the answer is I need to cast my 
> set as a list. Something like this:
>
> paginator = Paginator(refg, 100) # Show 100 contacts per page
> paginator._count = len(list(refg))
>
> From my understanding, setting the count field for the paginator should 
> prevent Django from trying to get the size of my raw set, but this is not the 
> case.  I'm still getting the "RawQuerySet has no len() operation" error.  
> I've attched the relevant code from my views.py and my template.  
>
> Can I get some advice as to how I can fix this error?
>
>
> views.py
> refg = RefGene.objects.raw(qrefg) 
>
> paginator = Paginator(refg, 100) # Show 100 contacts per page 
> paginator._count = len(list(refg)) 
>
> # using django's generated forms 
> c = RequestContext(request, { 
> "refg": refg, ... }) 
>
> return HttpResponse(t.render(c)) 
>
>
> template
>
> {% autopaginate refg %}
> {% for r in refg %}
>
> 
> {{ r.data}}
> {{ r.loc}}
> 
>
> {% endfor %}
> {% paginate %}
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/86cd1c6d-5e2d-409c-8ce7-f911c61fe856%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: 3 table many to many relationship

[Malik Rumi]

Merci beaucoup


On Wed, Apr 23, 2014 at 10:43 PM, Simon Charette wrote:

> Django allows you to explicitly specify an intermediary model for
> many-to-many relationships with the 
> `through`
> option.
>
> class A(models.Model):
> b_set = models.ManyToMany('B', related_name='a_set', through='R')
> c_set = models.ManyToMany('C', related_name='a_set', through='R')
>
> class B(models.Model):
> pass
>
> class C(models.Model):
> pass
>
> class R(models.Model):
> a = models.ForeignKey('A')
> b = models.ForeignKey('B')
> c = models.ForeignKey('C')
>
> However you'll loose the ability of directly adding objects to
> relationships (A().b_set.create() won't work).
> You'll need to explicitly create `R` instances instead:
> R.objects.create(a=a, b=b, c=c).
>
> Simon
>
> Le mercredi 23 avril 2014 23:24:04 UTC-4, Malik Rumi a écrit :
>
>> I was designing the models I will need for this project. I designed an
>> intermediate table for two models, A and B, and then started to sketch out
>> an intermediate table for two other models, A and C, when I realized that
>> these two intermediate tables both use A, and further, the information in
>> the second intermediate table will be a lot more valuable it if also shows
>> the relationship C has to B.
>>
>> I looked at the Many to Many documentation on the official Django site,
>> but I don’t see a discussion of this three table option. I have seen it
>> elsewhere, so I assume it can be done. What I don’t assume is the impact
>> this has on performance and other issues I might not even anticipate. So,
>> my questions:
>>
>>Can this three sided many to many intermediate table be created in
>> Django?
>>
>> If it can, is it advisable, or are there better / more efficient
>> ways of doing this, like with two intermediate tables as I was originally
>> thinking?
>>
>> thx.
>>
>>  --
> You received this message because you are subscribed to a topic in the
> Google Groups "Django users" group.
> To unsubscribe from this topic, visit
> https://groups.google.com/d/topic/django-users/Z53HNI9t8Rw/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> django-users+unsubscr...@googlegroups.com.
> To post to this group, send email to django-users@googlegroups.com.
> Visit this group at http://groups.google.com/group/django-users.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-users/2e128d84-3e70-4bab-8b70-696eaaa369c1%40googlegroups.com
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CAKd6oByv_%3Dif8JTtLi%3D5%2BtzUsS8K6MSuS_AG8ooYhUqX039Cng%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.