Re: Is CSRF middleware to be taken seriously (from a XSRF point of view)?

2018-01-16 Thread James Bennett 
The base CSRF secret is per-user, not global. So while you could write a
script to hit a page over and over and harvest CSRF tokens, those tokens
would only be valid for the session/user associated with your script.
Attempting to use them to execute a CSRF attack against another user would
fail (since the other user would have a different base CSRF secret, and
therefore the tokens you'd harvested would not be valid for that user).

To generate a valid token for another user, you would need to see valid
tokens for that user. The only way to do this (assuming a
properly-configured site using HTTPS) is to already have compromised that
user's account. In which case, it doesn't matter that you can CSRF them,
because you've already fully compromised their account.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CAL13Cg_FA4U-FDbJGfn0g%2B8UJ_BxU6B1cL1eEJek9g9to68SgQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Is CSRF middleware to be taken seriously (from a XSRF point of view)?

2018-01-16 Thread Etienne Robillard 

Hi Stephan,

I'm also interested to understand why I should have some form of CSRF 
protection for my wsgi app...


perhaps recoding the Django 1.11 CSRF middleware into a proper WSGI 
application (CSRFController) would help.


but seriously, i don't use/recommend the Django CSRF middleware because 
it does not improve security of forms processing.



cheers,

Etienne



Le 2018-01-15 à 17:03, Stephan Doliov a écrit :
Just curious, I recently went on a source code studying binge and took 
a look at the CSRF middleware that comes with Django. I appreciate the 
work and effort of the authors, but I am not sure I gain anything by 
deploying it to my site. Here is why:
The middleware token assigned to a form and to a csrftoken cookie are 
ciphertexts of the same underlying key (by default, the underlying key 
is chosen as 32 randomly chosen (with replacement) chars from a set of 
62 chars. So the easy workaround can be done in one of two ways


1) Write a script that just harvests the middleware token from a form 
"protected" with such token and use the value of that as the csrftoken 
cookie.
As the middlewaretoken is a cipher of the underlying token, obviously 
using the the same string as the value to the csrftoken cookie will 
satisfy the middleware's demand for authorization of the resource 
(e.g. POSTing to the form)


2) Learn the easy cipher algorithm the csrf middleware uses and 
present a csrf token cookie that will decode to the right value.


In either case, I am not convinced that meaningful protection against 
CSRF types of requests are provided by the middleware. Am I missing 
something?


Wouldn't it be more secure to just have middleware that whitelists as 
a series of origins (aka CORS) and then, unlike CORS, actually perform 
reverse lookups on the dns of the whitelisted domains? (Of course, 
this assumes that the hosts that might want to make cross-site 
requests ahve access to managing their reverse DNS).


Am I missing something; or, if serving performance is a top goal of 
mine, should I just ditch the csrf middleware? (and maybe rate limit 
client requests to prevent DoS attacks)?


Thanks,
Steve
--
You received this message because you are subscribed to the Google 
Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to django-users+unsubscr...@googlegroups.com 
.
To post to this group, send email to django-users@googlegroups.com 
.

Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/9c4a794f-aa9e-4c00-ba20-779ad7a87d2a%40googlegroups.com 
.

For more options, visit https://groups.google.com/d/optout.


--
Etienne Robillard
tkad...@yandex.com
https://www.isotopesoftware.ca/

--
You received this message because you are subscribed to the Google Groups "Django 
users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/95bba86c-ed2e-fd8d-e7da-2ec1b80c273c%40yandex.com.
For more options, visit https://groups.google.com/d/optout.

Re: Is CSRF middleware to be taken seriously (from a XSRF point of view)?

2018-01-16 Thread James Bennett 
If you can demonstrate a practical attack against Django's CSRF system,
feel free to email it to secur...@djangoproject.com.

On Tue, Jan 16, 2018 at 1:26 AM, Etienne Robillard 
wrote:

> Hi Stephan,
>
> I'm also interested to understand why I should have some form of CSRF
> protection for my wsgi app...
>
> perhaps recoding the Django 1.11 CSRF middleware into a proper WSGI
> application (CSRFController) would help.
>
> but seriously, i don't use/recommend the Django CSRF middleware because it
> does not improve security of forms processing.
>
>
> cheers,
>
> Etienne
>
>
>
> Le 2018-01-15 à 17:03, Stephan Doliov a écrit :
>
> Just curious, I recently went on a source code studying binge and took a
> look at the CSRF middleware that comes with Django. I appreciate the work
> and effort of the authors, but I am not sure I gain anything by deploying
> it to my site. Here is why:
> The middleware token assigned to a form and to a csrftoken cookie are
> ciphertexts of the same underlying key (by default, the underlying key is
> chosen as 32 randomly chosen (with replacement) chars from a set of 62
> chars. So the easy workaround can be done in one of two ways
>
> 1) Write a script that just harvests the middleware token from a form
> "protected" with such token and use the value of that as the csrftoken
> cookie.
> As the middlewaretoken is a cipher of the underlying token, obviously
> using the the same string as the value to the csrftoken cookie will satisfy
> the middleware's demand for authorization of the resource (e.g. POSTing to
> the form)
>
> 2) Learn the easy cipher algorithm the csrf middleware uses and present a
> csrf token cookie that will decode to the right value.
>
> In either case, I am not convinced that meaningful protection against CSRF
> types of requests are provided by the middleware. Am I missing something?
>
> Wouldn't it be more secure to just have middleware that whitelists as a
> series of origins (aka CORS) and then, unlike CORS, actually perform
> reverse lookups on the dns of the whitelisted domains? (Of course, this
> assumes that the hosts that might want to make cross-site requests ahve
> access to managing their reverse DNS).
>
> Am I missing something; or, if serving performance is a top goal of mine,
> should I just ditch the csrf middleware? (and maybe rate limit client
> requests to prevent DoS attacks)?
>
> Thanks,
> Steve
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To post to this group, send email to django-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/django-users/9c4a794f-aa9e-4c00-ba20-779ad7a87d2a%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
> Etienne Robillardtkadm30@yandex.comhttps://www.isotopesoftware.ca/
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To post to this group, send email to django-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/django-users/95bba86c-ed2e-fd8d-e7da-2ec1b80c273c%40yandex.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CAL13Cg9mhBTD-2CBB46cvv2N6gd0JzHA8g5o%2BgrG5ZrAmb-%3Dgg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Is CSRF middleware to be taken seriously (from a XSRF point of view)?

2018-01-16 Thread Etienne Robillard 
A much more practical way to improve security against XSRF attacks is 
using nginx.


Regards,

Etienne


Le 2018-01-16 à 04:38, James Bennett a écrit :
If you can demonstrate a practical attack against Django's CSRF 
system, feel free to email it to secur...@djangoproject.com 
.


On Tue, Jan 16, 2018 at 1:26 AM, Etienne Robillard > wrote:


Hi Stephan,

I'm also interested to understand why I should have some form of
CSRF protection for my wsgi app...

perhaps recoding the Django 1.11 CSRF middleware into a proper
WSGI application (CSRFController) would help.

but seriously, i don't use/recommend the Django CSRF middleware
because it does not improve security of forms processing.


cheers,

Etienne



Le 2018-01-15 à 17:03, Stephan Doliov a écrit :

Just curious, I recently went on a source code studying binge and
took a look at the CSRF middleware that comes with Django. I
appreciate the work and effort of the authors, but I am not sure
I gain anything by deploying it to my site. Here is why:
The middleware token assigned to a form and to a csrftoken cookie
are ciphertexts of the same underlying key (by default, the
underlying key is chosen as 32 randomly chosen (with replacement)
chars from a set of 62 chars. So the easy workaround can be done
in one of two ways

1) Write a script that just harvests the middleware token from a
form "protected" with such token and use the value of that as the
csrftoken cookie.
As the middlewaretoken is a cipher of the underlying token,
obviously using the the same string as the value to the csrftoken
cookie will satisfy the middleware's demand for authorization of
the resource (e.g. POSTing to the form)

2) Learn the easy cipher algorithm the csrf middleware uses and
present a csrf token cookie that will decode to the right value.

In either case, I am not convinced that meaningful protection
against CSRF types of requests are provided by the middleware. Am
I missing something?

Wouldn't it be more secure to just have middleware that
whitelists as a series of origins (aka CORS) and then, unlike
CORS, actually perform reverse lookups on the dns of the
whitelisted domains? (Of course, this assumes that the hosts that
might want to make cross-site requests ahve access to managing
their reverse DNS).

Am I missing something; or, if serving performance is a top goal
of mine, should I just ditch the csrf middleware? (and maybe rate
limit client requests to prevent DoS attacks)?

Thanks,
Steve
-- 
You received this message because you are subscribed to the

Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to django-users+unsubscr...@googlegroups.com
.
To post to this group, send email to
django-users@googlegroups.com .
Visit this group at https://groups.google.com/group/django-users
.
To view this discussion on the web visit

https://groups.google.com/d/msgid/django-users/9c4a794f-aa9e-4c00-ba20-779ad7a87d2a%40googlegroups.com

.
For more options, visit https://groups.google.com/d/optout
.


-- 
Etienne Robillard

tkad...@yandex.com 
https://www.isotopesoftware.ca/ 

-- 
You received this message because you are subscribed to the Google

Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to django-users+unsubscr...@googlegroups.com
.
To post to this group, send email to django-users@googlegroups.com
.
Visit this group at https://groups.google.com/group/django-users
.
To view this discussion on the web visit

https://groups.google.com/d/msgid/django-users/95bba86c-ed2e-fd8d-e7da-2ec1b80c273c%40yandex.com

.


For more options, visit https://groups.google.com/d/optout
.


--
You received this message because you are subscribed to the Google 
Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to django-users+unsubscr...@googlegroups.com

Re: Running 2 django project in different port number at the same time.

2018-01-16 Thread Jani Tiainen 
Hi.

Please note that runserver command is only meant to ease developing your
site with Django. In development you can run development server like:

./manage.py runserver 127.0.0.1:8000
./manage.py runserver 127.0.0.2:8001

But when deploying your site(s) to production procedure is different and
depends which deployment model you do choose.

More information about production deployment:
https://docs.djangoproject.com/en/2.0/howto/deployment/



16.1.2018 9.48  kirjoitti:

> Define ip and port number is this link right :
> https://docs.djangoproject.com/en/dev/ref/django-admin/#
> examples-of-using-different-ports-and-addresses
>
> Where i have to enter this :django-admin runserver 1.2.3.4:8000
> to change its port number and ip ?
>
> On Tuesday, January 16, 2018 at 4:12:50 PM UTC+9, chern...@gmail.com
> wrote:
>>
>> Then what must i do if i wanted to do it for production side? Is there
>> any link/guide about how to change it ?
>>
>> On Tuesday, January 16, 2018 at 4:00:37 PM UTC+9, Antonis Christofides
>> wrote:
>>>
>>> Hello,
>>>
>>> DATABASES['...']['PORT'] is the port to which the database server is
>>> listening (your django app is a client of the database, and it connects to
>>> that port in order to access the database); it has nothing to do with what
>>> you want.
>>>
>>> AFAIK specifying the port number in "runserver" is the only way to do
>>> what you want in development.
>>>
>>> Production is a whole another story.
>>>
>>> Regards,
>>>
>>> Antonis
>>>
>>> Antonis Christofideshttp://djangodeployment.com
>>>
>>>
>>> On 2018-01-16 06:31, chern...@gmail.com wrote:
>>>
>>> As what the title said, is it possible to run 2 django project at the
>>> same time ?
>>>
>>> My task is this:
>>>  Integration of django 1 api and django 2 api, to setup two django app,
>>> on same server / PC, with different port
>>>
>>>
>>> As far from what i know, i can change the port number in the settings.py
>>> database section.
>>>
>>> DATABASES = {
>>> 'default': {
>>> 'ENGINE': 'django.db.backends.postgresql',
>>> 'NAME': 'Project',
>>> 'USER': 'admin',
>>> 'PASSWORD': 'pass1234',
>>> 'HOST': 'localhost',
>>> 'PORT': '',
>>> }
>>> }
>>>
>>> Do i change the port number here ? As default is http://127.0.0.1:8000/
>>>
>>> So i change the 'PORT': '8001', but got this error instead:
>>> could not connect to server: Connection refused (0x274D/10061)
>>> Is the server running on host "localhost" (127.0.0.1) and
>>> accepting
>>> TCP/IP connections on port 8001?
>>>
>>> Is there a way to set it up so i can run 2 different django project with
>>> different port number ?
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Django users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to django-users...@googlegroups.com.
>>> To post to this group, send email to django...@googlegroups.com.
>>> Visit this group at https://groups.google.com/group/django-users.
>>> To view this discussion on the web visit https://groups.google.com/d/ms
>>> gid/django-users/ae611f43-645f-42a9-a78b-a9ef6fd22eb7%40googlegroups.com
>>> 
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>>
>>> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To post to this group, send email to django-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/django-users/90b356fd-e21d-4207-a6c0-99268c2b3692%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CAHn91oc1ZbRafb-%2Bk5k7OjUFiEE9S0qKJZo7_3Pg6_aVp9Jc0A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: How to get two django rest framework to communicate with each other

2018-01-16 Thread Avraham Serour 
This shouldn't be a problem, I work with several people on the same django
app.
We use git to share the code. you can use a hosted git service like gitlab,
github or bitbucket


On Tue, Jan 16, 2018 at 9:58 AM,  wrote:

> Oh, but the thing is i am doing 1 project, and another person is doing
> other part of the project. And we have to integrate with each other. So we
> each have our own db.
>
> On Tuesday, January 16, 2018 at 2:34:01 PM UTC+9, Shree Kant Bohra wrote:
>>
>> You can use same database for both applications, so you don't have to
>> worry about the API and interacting with each other.
>>
>>
>> --
>> Shree Kant Bohra
>> Co-founder
>> Geekybuddha Technologies
>>
>>
>>
>>
>> On Tue, Jan 16, 2018 at 9:29 AM,  wrote:
>>
>>> Ok, maybe i'm confuse about this whole thing.
>>>
>>> So these are my task
>>> - Integration of django 1 api and django 2 api, to setup two django app,
>>> on same server / PC, with different port
>>> - Integration of django 1 api and django 2 api, to setup two django app,
>>> on same server / PC, with different database
>>> - Integration of django 1 api and django 2 api, on django api method on
>>> django 1 api, code to POST BookAppt
>>> - Integration of django 1 api and django 2 api, on django api method on
>>> django 2 apiI, code to GET BookAppt
>>> - Integration of django 1 api and django 2 api, on django api method,
>>> connect to another API
>>>
>>> May anyone please explain to me about connect to another api ? From my
>>> understanding, it is API connect to another API.Which allow django 1 api to
>>> POST to BookAppt and django 2 api to GET the data.
>>>
>>> On Monday, January 15, 2018 at 1:42:59 PM UTC+9, chern...@gmail.com
>>> wrote:

 So i have 2 django project. Both have its seperated database and table.
 I create the django rest framework api for both project but i want both of
 them to communicate with each other.


 In django 1 is about the social media and medical record app API. In
 django 2 is a clinic app API where the it is for staff of the clinic and
 collect user information from django 1 and to give a queue number for user
 that make appointment.


 What im trying to do is django 2 will have a qr code for django 1 to
 scan. After scanning, it will ask for permission to allow their information
 to be share with django 2(their user information/medical record). After
 user allow, their information will be save to django 2 database.

 For now, i just want to allow django 2 to save the user information
 from django 1.


 Is there a way for 2 different django project to communicate with each
 other through the api ?

>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "Django users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to django-users...@googlegroups.com.
>>> To post to this group, send email to django...@googlegroups.com.
>>> Visit this group at https://groups.google.com/group/django-users.
>>> To view this discussion on the web visit https://groups.google.com/d/ms
>>> gid/django-users/c6589e9c-662c-4204-91ae-fe30ac2711f1%40googlegroups.com
>>> 
>>> .
>>>
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To post to this group, send email to django-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/django-users/86b4df03-9d91-4d30-94b1-77590de5e5af%40googlegroups.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CAFWa6tJU6BCf4y0YO1iqtqdsjt%3DN1GKtggQ8MOQGUVowazATPg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Running 2 django project in different port number at the same time.

2018-01-16 Thread Jason 
you need to configure your server to handle that pass through from web 
request to django.  With apache + mod_wsgi, it would be defined as a 
virtualhost in the conf files.  Nginx and gunicorn would be done in nginx 
configuration.

You could set it up such that

http://companyname.com/django-app-1/path/to/resource
http://companyname.com/django-app-2/path/to/resource

where /path/to/resource could be identical but would actually hit different 
projects deployed based in the django-app-[1,2] bit in the URL.

AVOID USING DEVSERVER FOR ANYTHING IN PRODUCTION

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/2e60e62c-3e58-477c-b6c1-80e4afc674f7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Django generate bar chart by reading CSV file data

2018-01-16 Thread sam kavuri 
Hi,

I am new to Django and working on some web project. I want to generate a 
dynamic bar chart (using Chart Js library) by reading CSV file data.

Could you please somebody help on this...

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/ce4a9de3-8252-4b1e-91ec-1658586607d7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Is CSRF middleware to be taken seriously (from a XSRF point of view)?

2018-01-16 Thread knbk 
Hi Steve,

First let's get into how cross-site request forgery works: when you are 
logged in to bank.com, your browser saves a session cookie and sends it 
with every request. Now when you visit evil.com, they may include a piece 
of javascript in their side that sends a POST request to bank.com/transfer/ 
to transfer $1000 from your account into theirs. Your browser executes the 
javascript, and happily sends a request to bank.com/transfer/ along with 
the transfer details and your session cookie. The session cookie 
authenticates the request as coming from you, so the bank has no reason to 
suspect that you didn't want to transfer the money. The issue here is that 
your browser sends the session cookie with *every *request. 

Django uses a so-called double submit cookie[1] to protect against CSRF 
attacks. This is a well-documented pattern for CSRF protection. In addition 
to the session cookie, a CSRF token cookie is set in the browser. This 
contains a randomly generated value that is unique to your browser. This 
value is also included as a form field (or a request header) in any POST 
request you make. When you send a request, Django checks if the two values 
are the same. If they are, then that proves (up to a point) that the 
request is from a party that has legitimate access to the token value. 
Barring any more extensive attacks (such as cross-site scripting), evil.com 
has no way to get the correct value of the CSRF token. Javascript executed 
on evil.com has no access to the cookies for bank.com, and opening a page 
from bank.com in e.g. an iframe also disallows access to the content of 
that iframe. Only a legitimate party (i.e. you filling in a form on 
bank.com) has access to the correct token and can submit the same secret as 
the one in the CSRF token cookie. 

As for the "cipher algorithm", this is actually just a padding algorithm to 
make the value randomized on each page load, while keeping the secret the 
same. You are right that anyone can reverse this, but that is not an issue. 
Randomizing the value prevents a class of attacks that includes BEAST, 
CRIME and BREACH attacks. These attacks work by injecting a value into the 
page in close proximity to the CSRF token (i.e. when a page displays a GET 
parameter) and seeing what effect it has on the compression of that page. 
If the compressed page becomes shorter, then the injected value likely has 
some values in common with the CSRF token. This allows for recovery of the 
secret token byte-by-byte, so that evil.com can bypass the CSRF protection 
in place. Randomizing the value, even if the original value is easily 
recovered, prevents this class of attacks entirely. 

I hope this gives you a better understanding of how CSRF protection works 
in Django. If you have any more questions feel free to ask here or on IRC 
(nick: knbk).

Marten


[1] 
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Double_Submit_Cookie

On Monday, January 15, 2018 at 11:03:22 PM UTC+1, Stephan Doliov wrote:
>
> Just curious, I recently went on a source code studying binge and took a 
> look at the CSRF middleware that comes with Django. I appreciate the work 
> and effort of the authors, but I am not sure I gain anything by deploying 
> it to my site. Here is why:
> The middleware token assigned to a form and to a csrftoken cookie are 
> ciphertexts of the same underlying key (by default, the underlying key is 
> chosen as 32 randomly chosen (with replacement) chars from a set of 62 
> chars. So the easy workaround can be done in one of two ways
>
> 1) Write a script that just harvests the middleware token from a form 
> "protected" with such token and use the value of that as the csrftoken 
> cookie.
> As the middlewaretoken is a cipher of the underlying token, obviously 
> using the the same string as the value to the csrftoken cookie will satisfy 
> the middleware's demand for authorization of the resource (e.g. POSTing to 
> the form)
>
> 2) Learn the easy cipher algorithm the csrf middleware uses and present a 
> csrf token cookie that will decode to the right value.
>
> In either case, I am not convinced that meaningful protection against CSRF 
> types of requests are provided by the middleware. Am I missing something?
>
> Wouldn't it be more secure to just have middleware that whitelists as a 
> series of origins (aka CORS) and then, unlike CORS, actually perform 
> reverse lookups on the dns of the whitelisted domains? (Of course, this 
> assumes that the hosts that might want to make cross-site requests ahve 
> access to managing their reverse DNS).
>
> Am I missing something; or, if serving performance is a top goal of mine, 
> should I just ditch the csrf middleware? (and maybe rate limit client 
> requests to prevent DoS attacks)?
>
> Thanks,
> Steve
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving em

Re: Is CSRF middleware to be taken seriously (from a XSRF point of view)?

2018-01-16 Thread knbk 
How does using nginx protect against CSRF attacks?

Marten

On Tuesday, January 16, 2018 at 10:49:21 AM UTC+1, Etienne Robillard wrote:
>
> A much more practical way to improve security against XSRF attacks is 
> using nginx.
>
> Regards,
>
> Etienne
>
> Le 2018-01-16 à 04:38, James Bennett a écrit :
>
> If you can demonstrate a practical attack against Django's CSRF system, 
> feel free to email it to secu...@djangoproject.com .
>
> On Tue, Jan 16, 2018 at 1:26 AM, Etienne Robillard  > wrote:
>
>> Hi Stephan,
>>
>> I'm also interested to understand why I should have some form of CSRF 
>> protection for my wsgi app... 
>>
>> perhaps recoding the Django 1.11 CSRF middleware into a proper WSGI 
>> application (CSRFController) would help.
>>
>> but seriously, i don't use/recommend the Django CSRF middleware because 
>> it does not improve security of forms processing. 
>>
>>
>> cheers,
>>
>> Etienne
>>
>>
>>
>> Le 2018-01-15 à 17:03, Stephan Doliov a écrit :
>>
>> Just curious, I recently went on a source code studying binge and took a 
>> look at the CSRF middleware that comes with Django. I appreciate the work 
>> and effort of the authors, but I am not sure I gain anything by deploying 
>> it to my site. Here is why: 
>> The middleware token assigned to a form and to a csrftoken cookie are 
>> ciphertexts of the same underlying key (by default, the underlying key is 
>> chosen as 32 randomly chosen (with replacement) chars from a set of 62 
>> chars. So the easy workaround can be done in one of two ways
>>
>> 1) Write a script that just harvests the middleware token from a form 
>> "protected" with such token and use the value of that as the csrftoken 
>> cookie.
>> As the middlewaretoken is a cipher of the underlying token, obviously 
>> using the the same string as the value to the csrftoken cookie will satisfy 
>> the middleware's demand for authorization of the resource (e.g. POSTing to 
>> the form)
>>
>> 2) Learn the easy cipher algorithm the csrf middleware uses and present a 
>> csrf token cookie that will decode to the right value.
>>
>> In either case, I am not convinced that meaningful protection against 
>> CSRF types of requests are provided by the middleware. Am I missing 
>> something?
>>
>> Wouldn't it be more secure to just have middleware that whitelists as a 
>> series of origins (aka CORS) and then, unlike CORS, actually perform 
>> reverse lookups on the dns of the whitelisted domains? (Of course, this 
>> assumes that the hosts that might want to make cross-site requests ahve 
>> access to managing their reverse DNS).
>>
>> Am I missing something; or, if serving performance is a top goal of mine, 
>> should I just ditch the csrf middleware? (and maybe rate limit client 
>> requests to prevent DoS attacks)?
>>
>> Thanks,
>> Steve
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Django users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to django-users...@googlegroups.com .
>> To post to this group, send email to django...@googlegroups.com 
>> .
>> Visit this group at https://groups.google.com/group/django-users.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/django-users/9c4a794f-aa9e-4c00-ba20-779ad7a87d2a%40googlegroups.com
>>  
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>>
>> -- 
>> Etienne robillardtka...@yandex.com 
>> https://www.isotopesoftware.ca/
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Django users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to django-users...@googlegroups.com .
>> To post to this group, send email to django...@googlegroups.com 
>> .
>> Visit this group at https://groups.google.com/group/django-users.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/django-users/95bba86c-ed2e-fd8d-e7da-2ec1b80c273c%40yandex.com
>>  
>> .
>>  
>>
>>
>> For more options, visit https://groups.google.com/d/optout.
>>
>
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to django-users...@googlegroups.com .
> To post to this group, send email to django...@googlegroups.com 
> .
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/django-users/CAL13Cg9mhBTD-2CBB46cvv2N6gd0JzHA8g5o%2BgrG5ZrAmb-%3Dgg%40mail.gmail.com
>  
>

Re: Is CSRF middleware to be taken seriously (from a XSRF point of view)?

2018-01-16 Thread Etienne Robillard 

See this: https://www.owasp.org/index.php/SameSite

Cheers,

Etienne


Le 2018-01-16 à 10:36, knbk a écrit :

How does using nginx protect against CSRF attacks?

Marten

On Tuesday, January 16, 2018 at 10:49:21 AM UTC+1, Etienne Robillard 
wrote:


A much more practical way to improve security against XSRF attacks
is using nginx.

Regards,

Etienne


Le 2018-01-16 à 04:38, James Bennett a écrit :

If you can demonstrate a practical attack against Django's CSRF
system, feel free to email it to secu...@djangoproject.com
.

On Tue, Jan 16, 2018 at 1:26 AM, Etienne Robillard
> wrote:

Hi Stephan,

I'm also interested to understand why I should have some form
of CSRF protection for my wsgi app...

perhaps recoding the Django 1.11 CSRF middleware into a
proper WSGI application (CSRFController) would help.

but seriously, i don't use/recommend the Django CSRF
middleware because it does not improve security of forms
processing.


cheers,

Etienne



Le 2018-01-15 à 17:03, Stephan Doliov a écrit :

Just curious, I recently went on a source code studying
binge and took a look at the CSRF middleware that comes with
Django. I appreciate the work and effort of the authors, but
I am not sure I gain anything by deploying it to my site.
Here is why:
The middleware token assigned to a form and to a csrftoken
cookie are ciphertexts of the same underlying key (by
default, the underlying key is chosen as 32 randomly chosen
(with replacement) chars from a set of 62 chars. So the easy
workaround can be done in one of two ways

1) Write a script that just harvests the middleware token
from a form "protected" with such token and use the value of
that as the csrftoken cookie.
As the middlewaretoken is a cipher of the underlying token,
obviously using the the same string as the value to the
csrftoken cookie will satisfy the middleware's demand for
authorization of the resource (e.g. POSTing to the form)

2) Learn the easy cipher algorithm the csrf middleware uses
and present a csrf token cookie that will decode to the
right value.

In either case, I am not convinced that meaningful
protection against CSRF types of requests are provided by
the middleware. Am I missing something?

Wouldn't it be more secure to just have middleware that
whitelists as a series of origins (aka CORS) and then,
unlike CORS, actually perform reverse lookups on the dns of
the whitelisted domains? (Of course, this assumes that the
hosts that might want to make cross-site requests ahve
access to managing their reverse DNS).

Am I missing something; or, if serving performance is a top
goal of mine, should I just ditch the csrf middleware? (and
maybe rate limit client requests to prevent DoS attacks)?

Thanks,
Steve
-- 
You received this message because you are subscribed to the

Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails
from it, send an email to django-users...@googlegroups.com
.
To post to this group, send email to
django...@googlegroups.com .
Visit this group at
https://groups.google.com/group/django-users
.
To view this discussion on the web visit

https://groups.google.com/d/msgid/django-users/9c4a794f-aa9e-4c00-ba20-779ad7a87d2a%40googlegroups.com

.
For more options, visit https://groups.google.com/d/optout
.


-- 
Etienne Robillard

tka...@yandex.com 
https://www.isotopesoftware.ca/ 

-- 
You received this message because you are subscribed to the

Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from
it, send an email to django-users...@googlegroups.com
.
To post to this group, send email to
django...@googlegroups.com .
Visit this group at
https://groups.google.com/group/django-users
.
To view this discussion on the web visit

https://groups.google.com/d/msgid/django-users/95bba86c-ed2e-fd8d-e7da-2ec1b80c273c%40yandex.com

.


For more options, visit https://groups.g

Re: Is CSRF middleware to be taken seriously (from a XSRF point of view)?

2018-01-16 Thread knbk 
That does seem to be a good effort towards CSRF prevention. However, it's 
currently in draft status, and doesn't provide any protection if not 
supported by your browser. According to caniuse.com[1], the browsers 
supporting this feature currently occupy just under 60% of the browser 
market. About 40% of users would still be vulnerable to CSRF attacks. IMO 
that's too large a chunk of users to leave unprotected. 

When this feature reaches maturity it will likely be a good option to 
combat CSRF, but right now it doesn't provide adequate protection on its 
own. Django's CSRF middleware does provide protection for the remaining 
40%. 

Marten


[1] https://caniuse.com/#search=samesite

On Tuesday, January 16, 2018 at 6:19:17 PM UTC+1, Etienne Robillard wrote:
>
> See this: https://www.owasp.org/index.php/SameSite
>
> Cheers,
>
> Etienne
>
> Le 2018-01-16 à 10:36, knbk a écrit :
>
> How does using nginx protect against CSRF attacks?
>
> Marten
>
> On Tuesday, January 16, 2018 at 10:49:21 AM UTC+1, Etienne Robillard 
> wrote: 
>>
>> A much more practical way to improve security against XSRF attacks is 
>> using nginx.
>>
>> Regards,
>>
>> Etienne
>>
>> Le 2018-01-16 à 04:38, James Bennett a écrit :
>>
>> If you can demonstrate a practical attack against Django's CSRF system, 
>> feel free to email it to secu...@djangoproject.com.
>>
>> On Tue, Jan 16, 2018 at 1:26 AM, Etienne Robillard  
>> wrote:
>>
>>> Hi Stephan,
>>>
>>> I'm also interested to understand why I should have some form of CSRF 
>>> protection for my wsgi app... 
>>>
>>> perhaps recoding the Django 1.11 CSRF middleware into a proper WSGI 
>>> application (CSRFController) would help.
>>>
>>> but seriously, i don't use/recommend the Django CSRF middleware because 
>>> it does not improve security of forms processing. 
>>>
>>>
>>> cheers,
>>>
>>> Etienne
>>>
>>>
>>>
>>> Le 2018-01-15 à 17:03, Stephan Doliov a écrit :
>>>
>>> Just curious, I recently went on a source code studying binge and took a 
>>> look at the CSRF middleware that comes with Django. I appreciate the work 
>>> and effort of the authors, but I am not sure I gain anything by deploying 
>>> it to my site. Here is why: 
>>> The middleware token assigned to a form and to a csrftoken cookie are 
>>> ciphertexts of the same underlying key (by default, the underlying key is 
>>> chosen as 32 randomly chosen (with replacement) chars from a set of 62 
>>> chars. So the easy workaround can be done in one of two ways
>>>
>>> 1) Write a script that just harvests the middleware token from a form 
>>> "protected" with such token and use the value of that as the csrftoken 
>>> cookie.
>>> As the middlewaretoken is a cipher of the underlying token, obviously 
>>> using the the same string as the value to the csrftoken cookie will satisfy 
>>> the middleware's demand for authorization of the resource (e.g. POSTing to 
>>> the form)
>>>
>>> 2) Learn the easy cipher algorithm the csrf middleware uses and present 
>>> a csrf token cookie that will decode to the right value.
>>>
>>> In either case, I am not convinced that meaningful protection against 
>>> CSRF types of requests are provided by the middleware. Am I missing 
>>> something?
>>>
>>> Wouldn't it be more secure to just have middleware that whitelists as a 
>>> series of origins (aka CORS) and then, unlike CORS, actually perform 
>>> reverse lookups on the dns of the whitelisted domains? (Of course, this 
>>> assumes that the hosts that might want to make cross-site requests ahve 
>>> access to managing their reverse DNS).
>>>
>>> Am I missing something; or, if serving performance is a top goal of 
>>> mine, should I just ditch the csrf middleware? (and maybe rate limit client 
>>> requests to prevent DoS attacks)?
>>>
>>> Thanks,
>>> Steve
>>> -- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "Django users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to django-users...@googlegroups.com.
>>> To post to this group, send email to django...@googlegroups.com.
>>> Visit this group at https://groups.google.com/group/django-users.
>>> To view this discussion on the web visit 
>>> https://groups.google.com/d/msgid/django-users/9c4a794f-aa9e-4c00-ba20-779ad7a87d2a%40googlegroups.com
>>>  
>>> 
>>> .
>>> For more options, visit https://groups.google.com/d/optout.
>>>
>>>
>>> -- 
>>> Etienne Robillardtka...@yandex.comhttps://www.isotopesoftware.ca/
>>>
>>> -- 
>>> You received this message because you are subscribed to the Google 
>>> Groups "Django users" group.
>>> To unsubscribe from this group and stop receiving emails from it, send 
>>> an email to django-users...@googlegroups.com.
>>> To post to this group, send email to django...@googlegroups.com.
>>> Visit this group at https://groups.google.com/group/django-users.
>

If you extend the user model in Django using AbstractUser from one app within a project, how do you refer to it from a second app?

2018-01-16 Thread McKinley 


Are you able to have a foreign key relationship from a model within the app 
that does not contain the extended user model to the extended user model in 
the other app?

Is the only way to refer to the extended user model from the second app 
settings.AUTH_USER_MODEL?

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/cb1cb2a4-5a4a-40e5-91f1-e980fbddd439%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: If you extend the user model in Django using AbstractUser from one app within a project, how do you refer to it from a second app?

2018-01-16 Thread Jani Tiainen 
You should use settings way since it is preferred.

Since importing models to other models is considered bad thing to do.

In theory you could use string format directly but by doing that you couple
your other app with your app with custom user.

Is there a reason you would like to refer to it? Note that to get model in
other code than in model definitions there are helper functions in
django.contrib.auth.

16.1.2018 21.18 "McKinley"  kirjoitti:

> Are you able to have a foreign key relationship from a model within the
> app that does not contain the extended user model to the extended user
> model in the other app?
>
> Is the only way to refer to the extended user model from the second app
> settings.AUTH_USER_MODEL?
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To post to this group, send email to django-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/django-users/cb1cb2a4-5a4a-40e5-91f1-e980fbddd439%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CAHn91oc%3DNa2npofrQfhMQS0SRJpR1dArg4UYc2KkvHxjcx_4Wg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: If you extend the user model in Django using AbstractUser from one app within a project, how do you refer to it from a second app?

2018-01-16 Thread McKinley 
Yes, the reason I would like to refer to the user model is so that I can 
associate a model in the second app with a user. When I created the first 
app with the extended user model I wasn't aware that I would not be able to 
decouple the auth model and the app-specific AbstractUser-inheriting model. 
It has become clear that that is the case. 

I would prefer not to use the string format directly, and will pursue 
utilizing the setting.AUTH_USER_MODEL approach. Hopefully this will suffice 
for my purposes. It is a shame that the original app is now less pluggable 
into another django project, but not the end of the world.


On Tuesday, January 16, 2018 at 11:25:48 AM UTC-8, Jani Tiainen wrote:
>
> You should use settings way since it is preferred.
>
> Since importing models to other models is considered bad thing to do.
>
> In theory you could use string format directly but by doing that you 
> couple your other app with your app with custom user.
>
> Is there a reason you would like to refer to it? Note that to get model in 
> other code than in model definitions there are helper functions in 
> django.contrib.auth.
>
> 16.1.2018 21.18 "McKinley" > kirjoitti:
>
>> Are you able to have a foreign key relationship from a model within the 
>> app that does not contain the extended user model to the extended user 
>> model in the other app?
>>
>> Is the only way to refer to the extended user model from the second app 
>> settings.AUTH_USER_MODEL?
>>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Django users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to django-users...@googlegroups.com .
>> To post to this group, send email to django...@googlegroups.com 
>> .
>> Visit this group at https://groups.google.com/group/django-users.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/django-users/cb1cb2a4-5a4a-40e5-91f1-e980fbddd439%40googlegroups.com
>>  
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/7facc0b9-719c-4b24-81f8-59cc1d4fb09f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Simple file uploading app

2018-01-16 Thread Matemática A3K 
https://codereview.stackexchange.com/questions/124699/multi-threading-upload-tool

On Wed, Jan 10, 2018 at 11:46 AM, guettli  wrote:

>
>
> Am Dienstag, 9. Januar 2018 01:08:48 UTC+1 schrieb Mike Morris:
>>
>> Though it is not a Drupal app, there is an excellent drop box type app in
>> PHP called "Download Ticket Service"... simple, no frills, entirely
>> cross-platform and open:
>>
>> http://www.thregr.org/~wavexx/software/dl/
>> I have no idea if it could be readily incorporated into your app, but
>> just FYI
>>
>>
>
> Yes, this php project does a lot. My uploader does much less. But maybe we
> could agree on the basic http stuff...
>
>
>
> From their website:
>>
>> “dl” is a simple file sharing service for quick/one-off file transfers.
>> Upload a file to get a link you can share. Or create a sharing link to
>> receive files from others. The uploaded files are automatically removed
>> when left unused, requiring zero additional maintenance.
>>
>> “dl” is *built for your users*: easy to use with any browser, integrates
>> smoothly with Thunderbird
>>  for large
>> attachments, works on Android
>> , Windows, OSX
>>  or straight
>> from the command line
>> 
>>  for maximum convenience.
>>
>>
>>
>>
>>
>>
>> On 01/08/2018 04:16 AM, guettli wrote:
>>
>> Just for the records: Since I found no matching solution I wrote a
>> generic http upload tool: https://pypi.python.org/pypi/tbzuploader/
>>
>> For ftp there are thousands of clients, for automated upload via http I
>> found none. That's why I wrote above tool.
>>
>> Regards,
>>   Thomas
>>
>> Am Mittwoch, 25. Oktober 2017 16:57:31 UTC+2 schrieb guettli:
>>>
>>> I need a simple file uploading app.
>>>
>>> Every user should be able to upload files to his own area.
>>>
>>> This is the basic feature. You could think of additional goodies, but
>>> the first step is
>>> above feature.
>>>
>>> I tried to find an application which implements this, but failed.
>>>
>>> I tried this and other searches:
>>>
>>> https://djangopackages.org/search/?q=upload
>>>
>>>
>>> Before I start coding, I wanted to ask here, because I prefer re-using
>>> to re-inventing :-)
>>>
>>> Do you know an app which gives me this feature?
>>>
>>> Regards,
>>>   Thomas Güttler
>>>
>>>
>>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to django-users...@googlegroups.com.
>> To post to this group, send email to django...@googlegroups.com.
>> Visit this group at https://groups.google.com/group/django-users.
>> To view this discussion on the web visit https://groups.google.com/d/ms
>> gid/django-users/016f37e6-3d91-40bc-bef5-8da625125117%40googlegroups.com
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To post to this group, send email to django-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/django-users/ea66ee06-b01c-4972-a3ce-db8089a5e7af%40googlegroups.com
> 
> .
>
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CA%2BFDnhKWLLNWdw08jw0hZ4G75yek3bnpSKH_Q%3D8OnJg44%2Bq-wQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Using the ModelAdmin.inlines class, there is no DELETE button

2018-01-16 Thread Matemática A3K 
According to https://code.djangoproject.com/ticket/15910:
"When adding a form to an inline formset in the admin interface it has a
nice "Remove" link added automatically. These links are however missing
from empty rows that have been created as a result from the "extra" option.
They are also removed when the form is saved and validation of the form as
a whole fails"

Could be that something is invalid and you are not rendering errors in the
template?

On Sat, Jan 13, 2018 at 11:12 AM, FernandoJMM 
wrote:

> Good Morning,
>
> I'm customizing the ModelAdmin class inlines attribute. The code is this.
>
> class NaveInline(admin.TabularInline):
> model = Nave
> fields = ['codigoNave', 'nave', 'tipoPuesta']
> ordering = ['codigoNave']
> extra = 1
>
>
> class GranjaAdmin(admin.ModelAdmin):
> fieldsets = [
> (None, {'fields': [('codigoGranja', 'granja'), ('empresa',
> 'tipoGranja'), ('regimen')]}),
> ('Datos adicionales', {'fields': [('direccion', 'localidad',
> 'codigoPostal',
> 'provincia', 'region', 'pais', 'telefonoPrincipal',
> 'telefonoMovil',
> 'fax', 'email', 'ceence','cea', 'maquina',
> 'clasificacionZootecnica',
> 'formaDeCria', 'notas')], 'classes': ['collapse']}),
> ]
>
> inlines = [NaveInline]
>
>
>
> . . . . . .
>
>
>
> Everything works perfectly, I can add granjas / naves, edit granjas /
> naves, and clear granjas. . but I can not do it is to delete naves that in
> this case are the lines (inlines).
>
> I do not get any errors, I can see the line selection check but the line
> deletion button DOES NOT APPEAR.
>
> Thanks for your help,
> Fernando
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To post to this group, send email to django-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/django-users/c21e2ff0-a1d0-4f83-b6c9-bc91a8d1e7e2%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CA%2BFDnh%2BwdiQvM550ZXQN2-xVybqCS98mC_xXFef7QWdpK4i6bQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Using the ModelAdmin.inlines class, there is no DELETE button

2018-01-16 Thread Matemática A3K 
On Tue, Jan 16, 2018 at 6:15 PM, Matemática A3K 
wrote:

> According to https://code.djangoproject.com/ticket/15910:
> "When adding a form to an inline formset in the admin interface it has a
> nice "Remove" link added automatically. These links are however missing
> from empty rows that have been created as a result from the "extra" option.
> They are also removed when the form is saved and validation of the form as
> a whole fails"
>
> Could be that something is invalid and you are not rendering errors in the
> template?
>
This is unlikely, you are not overriding the admin's template, right?



>
> On Sat, Jan 13, 2018 at 11:12 AM, FernandoJMM 
> wrote:
>
>> Good Morning,
>>
>> I'm customizing the ModelAdmin class inlines attribute. The code is this.
>>
>> class NaveInline(admin.TabularInline):
>> model = Nave
>> fields = ['codigoNave', 'nave', 'tipoPuesta']
>> ordering = ['codigoNave']
>> extra = 1
>>
>>
>> class GranjaAdmin(admin.ModelAdmin):
>> fieldsets = [
>> (None, {'fields': [('codigoGranja', 'granja'), ('empresa',
>> 'tipoGranja'), ('regimen')]}),
>> ('Datos adicionales', {'fields': [('direccion', 'localidad',
>> 'codigoPostal',
>> 'provincia', 'region', 'pais', 'telefonoPrincipal',
>> 'telefonoMovil',
>> 'fax', 'email', 'ceence','cea', 'maquina',
>> 'clasificacionZootecnica',
>> 'formaDeCria', 'notas')], 'classes': ['collapse']}),
>> ]
>>
>> inlines = [NaveInline]
>>
>>
>>
>> . . . . . .
>>
>>
>>
>> Everything works perfectly, I can add granjas / naves, edit granjas /
>> naves, and clear granjas. . but I can not do it is to delete naves that in
>> this case are the lines (inlines).
>>
>> I do not get any errors, I can see the line selection check but the line
>> deletion button DOES NOT APPEAR.
>>
>> Thanks for your help,
>> Fernando
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to django-users+unsubscr...@googlegroups.com.
>> To post to this group, send email to django-users@googlegroups.com.
>> Visit this group at https://groups.google.com/group/django-users.
>> To view this discussion on the web visit https://groups.google.com/d/ms
>> gid/django-users/c21e2ff0-a1d0-4f83-b6c9-bc91a8d1e7e2%40googlegroups.com
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CA%2BFDnhKpHvZ7S1be6AaY0D-NaGnB4%2BjcqO8aVKb7aS_oS2GSww%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: I want to update records, I use View instated of UpdateView, is this right way ? can anyone tell me, is this right way or wrong?

2018-01-16 Thread Matemática A3K 
Does it work?

On Mon, Jan 15, 2018 at 5:05 AM, Amitkumar Satpute <
satpute.amitku...@gmail.com> wrote:

>
>1.
>2.
>3.
>4. views.py
>5. ---
>6. class UpdateUser(View):
>7. def post(self,request,pk):
>8. user=get_object_or_404(User,pk=pk)
>9. userinfo=get_object_or_404(UserCreation,user=user)
>10. user_form=UserUpdateForm(request.POST,instance=user)
>11. user_creation_form=UserCreationForm(request.POST,instance=userinfo)
>12. if user_form.is_valid() and user_creation_form.is_valid():
>13. user=user_form.save(commit=False)
>14. user.save()
>15. user_create=user_creation_form.save(commit=False)
>16. user_create.modified_date()
>17. user_create.save()
>18. return redirect('adminaccount:add_user')
>19. return render(request,'adminaccount/add_new_user.html',{'user_form'
>:user_form,'user_creation_form':user_creation_form,'btn':'Update'})
>20.
>21. def get(self,request,pk):
>22. user=get_object_or_404(User,pk=pk)
>23. userinfo=get_object_or_404(UserCreation,user=user)
>24. user_form=UserUpdateForm(instance=user)
>25. user_creation_form=UserCreationForm(instance=userinfo)
>26. return render(request,'adminaccount/add_new_user.html',{'user_form'
>:user_form,'user_creation_form':user_creation_form,'btn':'Update'})
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To post to this group, send email to django-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/django-users/ef2efcff-ed34-4fd6-8764-6af4aba4ad5a%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CA%2BFDnhJ6ZqzhZc-CR8n-R4yj_%2B_WjHt9AB7YYeT9ewCT11ROnw%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Can I test for count of a many to many field, in a Q query, along with other filters?

2018-01-16 Thread Mark London 
If I'm creating a query using Q, can I make one of Q tests, be a count of a 
manytomany field?I.e., one of the Q filters, should test to see if a 
specific manytomany field, has a count greater than 5,   I know that I can 
use annotate to test for count.   But can annotate be specified within a Q 
query?   

If not, can I make 2 separate queries, and combine them, and eliminate 
duplicates?

Thanks! - Mark 

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/198c6f85-ba4c-4f38-844f-cb8cc4d67772%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Django view not working for practice project

2018-01-16 Thread NorDe 
Context:

I am creating a website to house some webcomics I made as a project to 
practice Django. I am adapting Django's tutorial to create the site (
https://docs.djangoproject.com/en/2.0/intro/tutorial03/ About halfway down 
the page under "Write views that actually do something"). I am having some 
difficulty getting part of my view to work as expected.
Expectation:

What I see when I go to http://127.0.0.1:8000/futureFleet/ : latest_comic

What I want to see: A dictionary of my 2 comics.
Question:

I think I am doing something wrong at this line

context = {'latest_comic': latest_comic}. I am adapting this line from the 
tutorial. I think the line needs to be run to connect to the template. What 
do I do? What am I missing?
Models.py

class Comic(models.Model):
#title
comic_title_text = models.CharField(max_length=200)
#date
comic_pub_date = models.DateTimeField('comic date published')
#image
comic_location = models.CharField(max_length=200)
#explanation
comic_explanation_text = models.CharField(max_length=400, blank=True)

def __str__(self):
return self.comic_title_text

def was_published_recently(self):
return self.comic_pub_date >= timezone.now() - 
datetime.timedelta(days=1)

views.py

  def index(request):
latest_comic = Comic.objects.order_by('-comic_pub_date')[:2]
context = {'latest_comic': latest_comic}
return HttpResponse(context)
# return render(request, 'futureFleet/index.html', context) This sends to 
the template but doesn’t work at the moment

Database

"Welcome Aboard" "2018-01-15 21:02:54" 
"/home/user/Desktop/django/djangoFutureFleet/mysite/futureFleet/static/futureFleet/images/1.JPG"
 
"this is the first comic"

"Space Vaccine" "2018-01-15 23:02:22" 
"/home/user/Desktop/django/djangoFutureFleet/mysite/futureFleet/static/futureFleet/images/2.JPG"
 
"This is comic 2"

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/31674ff4-a2ab-4f2d-b6cb-9fc7ca9cf9cc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Django view not working for practice project

2018-01-16 Thread Jani Tiainen 
Hi.

Could you show your template also?

17.1.2018 6.03 "NorDe"  kirjoitti:

> Context:
>
> I am creating a website to house some webcomics I made as a project to
> practice Django. I am adapting Django's tutorial to create the site (
> https://docs.djangoproject.com/en/2.0/intro/tutorial03/ About halfway
> down the page under "Write views that actually do something"). I am having
> some difficulty getting part of my view to work as expected.
> Expectation:
>
> What I see when I go to http://127.0.0.1:8000/futureFleet/ : latest_comic
>
> What I want to see: A dictionary of my 2 comics.
> Question:
>
> I think I am doing something wrong at this line
>
> context = {'latest_comic': latest_comic}. I am adapting this line from the
> tutorial. I think the line needs to be run to connect to the template. What
> do I do? What am I missing?
> Models.py
>
> class Comic(models.Model):
> #title
> comic_title_text = models.CharField(max_length=200)
> #date
> comic_pub_date = models.DateTimeField('comic date published')
> #image
> comic_location = models.CharField(max_length=200)
> #explanation
> comic_explanation_text = models.CharField(max_length=400, blank=True)
>
> def __str__(self):
> return self.comic_title_text
>
> def was_published_recently(self):
> return self.comic_pub_date >= timezone.now() - 
> datetime.timedelta(days=1)
>
> views.py
>
>   def index(request):
> latest_comic = Comic.objects.order_by('-comic_pub_date')[:2]
> context = {'latest_comic': latest_comic}
> return HttpResponse(context)
> # return render(request, 'futureFleet/index.html', context) This sends to 
> the template but doesn’t work at the moment
>
> Database
>
> "Welcome Aboard" "2018-01-15 21:02:54" "/home/user/Desktop/django/
> djangoFutureFleet/mysite/futureFleet/static/futureFleet/images/1.JPG"
> "this is the first comic"
>
> "Space Vaccine" "2018-01-15 23:02:22" "/home/user/Desktop/django/
> djangoFutureFleet/mysite/futureFleet/static/futureFleet/images/2.JPG"
> "This is comic 2"
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To post to this group, send email to django-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/django-users/31674ff4-a2ab-4f2d-b6cb-9fc7ca9cf9cc%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CAHn91ofS3m0FNZTcUWBBZnZtO%3DeqS4pb66mn%3DLDnhtMQV_mQdQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Django http request to api error

2018-01-16 Thread cherngyorng 


As this is the first time I'm trying this out, I do not know what is wrong 
with the problem. So it would be great if someone can help me solve this 
problem


The code I'm using is at the bottom page of this website: 
https://www.twilio.com/blog/2014/11/build-your-own-pokedex-with-django-mms-and-pokeapi.html

Where it give example on how you can make HTTP request function and 
retrieve database on your query.


The code on the website is this.

*query.py*

import requestsimport json

BASE_URL = 'http://pokeapi.co'

def query_pokeapi(resource_url):
url = '{0}{1}'.format(BASE_URL, resource_url)
response = requests.get(url)

if response.status_code == 200:
return json.loads(response.text)
return None


charizard = query_pokeapi('/api/v1/pokemon/charizard/')

sprite_uri = charizard['sprites'][0]['resource_uri']
description_uri = charizard['descriptions'][0]['resource_uri']

sprite = query_pokeapi(sprite_uri)
description = query_pokeapi(description_uri)
print
charizard['name']print
description['description']print
BASE_URL + sprite['image']


In my edit, I only change these print line at the bottom of this

*query.py*

print(charizard['name'])print(description['description'])print(BASE_URL + 
sprite['image'])


But i got this error instead

Traceback (most recent call last): File "query2.py", line 46, in sprite_uri 
= charizard['sprites'][0]['resource_uri'] TypeError: 'NoneType' object is 
not subscriptable

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/af20ad33-1843-4fff-93fb-8681f7d5b88e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Django view not working for practice project

2018-01-16 Thread Matemática A3K 
views.py

>   def index(request):
> latest_comic = Comic.objects.order_by('-comic_pub_date')[:2]
>
> This has an implicit .all(), it's the same than doing

Comic.objects.all().order_by('-comic_pub_date')[:2]

Then you are slicing it for the first 2 records, that's why you see 2
records. Use .first() instead the slicing to get only one record (or
slice 1, [:1] or [0]). Your template code also support several
elements, you should check it


> context = {'latest_comic': latest_comic}
> return HttpResponse(context)
> # return render(request, 'futureFleet/index.html', context) This sends to 
> the template but doesn’t work at the moment
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CA%2BFDnh%2B6EWrryQE47qGAPZbvwEF0Zjt5oAS_4aukQQBe%2B8FzKg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Re: Django http request to api error

2018-01-16 Thread Matemática A3K 
On Wed, Jan 17, 2018 at 1:42 AM,  wrote:

> As this is the first time I'm trying this out, I do not know what is wrong
> with the problem. So it would be great if someone can help me solve this
> problem
>
>
> The code I'm using is at the bottom page of this website:
> https://www.twilio.com/blog/2014/11/build-your-
> own-pokedex-with-django-mms-and-pokeapi.html
>
> Where it give example on how you can make HTTP request function and
> retrieve database on your query.
>
>
> The code on the website is this.
>
> *query.py*
>
> import requestsimport json
>
> BASE_URL = 'http://pokeapi.co'
>
> def query_pokeapi(resource_url):
> url = '{0}{1}'.format(BASE_URL, resource_url)
> response = requests.get(url)
>
> if response.status_code == 200:
> return json.loads(response.text)
> return None
>
> If there is not a 200 response it returns None

>
>
>
> charizard = query_pokeapi('/api/v1/pokemon/charizard/')
>
>
It's because charizard is None

>
> sprite_uri = charizard['sprites'][0]['resource_uri']
>
> that can't do None['sprites']...

>
> description_uri = charizard['descriptions'][0]['resource_uri']
>
> sprite = query_pokeapi(sprite_uri)
> description = query_pokeapi(description_uri)
> print
> charizard['name']print
> description['description']print
> BASE_URL + sprite['image']
>
>
> In my edit, I only change these print line at the bottom of this
>
> *query.py*
>
> print(charizard['name'])print(description['description'])print(BASE_URL + 
> sprite['image'])
>
>
> But i got this error instead
>
> Traceback (most recent call last): File "query2.py", line 46, in
> sprite_uri = charizard['sprites'][0]['resource_uri'] TypeError:
> 'NoneType' object is not subscriptable
>
> And that's why the error


> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-users+unsubscr...@googlegroups.com.
> To post to this group, send email to django-users@googlegroups.com.
> Visit this group at https://groups.google.com/group/django-users.
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/django-users/af20ad33-1843-4fff-93fb-8681f7d5b88e%40googlegroups.com
> 
> .
> For more options, visit https://groups.google.com/d/optout.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CA%2BFDnhL16ko3%3Dcc%3D5f91t6_PKLcKPLNbK%3DEq-ap61G8GgYCRmA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Django with mongodb deploy on Google cloud

2018-01-16 Thread Ketul Suthar 
I have one app which has backend mongodb and it's has one script which insert 
data in database then when I start my app locally then it will give me result 
from db but when I deploy that app to Google cloud app is working but when I 
search any thing it's will give me errors

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/1ffd58a6-71ed-442d-92af-c2e0f981bfe7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Django http request to api error

2018-01-16 Thread cherngyorng 
May i know what does this means:

def query_pokeapi(resource_url):
url = '{0}{1}'.format(BASE_URL, resource_url)
response = requests.get(url)


the '{0}{1}' and resource_url


On Wednesday, January 17, 2018 at 3:02:06 PM UTC+9, Matemática A3K wrote:
>
>
>
> On Wed, Jan 17, 2018 at 1:42 AM, > wrote:
>
>> As this is the first time I'm trying this out, I do not know what is 
>> wrong with the problem. So it would be great if someone can help me solve 
>> this problem
>>
>>
>> The code I'm using is at the bottom page of this website: 
>> https://www.twilio.com/blog/2014/11/build-your-own-pokedex-with-django-mms-and-pokeapi.html
>>
>> Where it give example on how you can make HTTP request function and 
>> retrieve database on your query.
>>
>>
>> The code on the website is this.
>>
>> *query.py*
>>
>> import requestsimport json
>>
>> BASE_URL = 'http://pokeapi.co'
>>
>> def query_pokeapi(resource_url):
>> url = '{0}{1}'.format(BASE_URL, resource_url)
>> response = requests.get(url)
>>
>> if response.status_code == 200:
>> return json.loads(response.text)
>> return None
>>
>> If there is not a 200 response it returns None 
>
>>
>>
>>
>> charizard = query_pokeapi('/api/v1/pokemon/charizard/')
>>
>>
> It's because charizard is None 
>
>>
>> sprite_uri = charizard['sprites'][0]['resource_uri']
>>
>> that can't do None['sprites']...
>
>>
>> description_uri = charizard['descriptions'][0]['resource_uri']
>>
>> sprite = query_pokeapi(sprite_uri)
>> description = query_pokeapi(description_uri)
>> print
>> charizard['name']print
>> description['description']print
>> BASE_URL + sprite['image']
>>
>>
>> In my edit, I only change these print line at the bottom of this
>>
>> *query.py*
>>
>> print(charizard['name'])print(description['description'])print(BASE_URL + 
>> sprite['image'])
>>
>>
>> But i got this error instead
>>
>> Traceback (most recent call last): File "query2.py", line 46, in 
>> sprite_uri = charizard['sprites'][0]['resource_uri'] TypeError: 'NoneType' 
>> object is not subscriptable
>>
>> And that's why the error 
>  
>
>> -- 
>> You received this message because you are subscribed to the Google Groups 
>> "Django users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to django-users...@googlegroups.com .
>> To post to this group, send email to django...@googlegroups.com 
>> .
>> Visit this group at https://groups.google.com/group/django-users.
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/django-users/af20ad33-1843-4fff-93fb-8681f7d5b88e%40googlegroups.com
>>  
>> 
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/40d656ab-675b-4f8d-b163-c155054d037f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Running 2 django project in different port number at the same time.

2018-01-16 Thread cherngyorng 
wait, i configure the manage.py by inserting this

# Override default port for `runserver` command
from django.core.management.commands.runserver import Command as runserver

runserver.default_port = "8001"


Is this bad ?

On Tuesday, January 16, 2018 at 8:29:44 PM UTC+9, Jason wrote:
>
> you need to configure your server to handle that pass through from web 
> request to django.  With apache + mod_wsgi, it would be defined as a 
> virtualhost in the conf files.  Nginx and gunicorn would be done in nginx 
> configuration.
>
> You could set it up such that
>
> http://companyname.com/django-app-1/path/to/resource
> http://companyname.com/django-app-2/path/to/resource
>
> where /path/to/resource could be identical but would actually hit 
> different projects deployed based in the django-app-[1,2] bit in the URL.
>
> AVOID USING DEVSERVER FOR ANYTHING IN PRODUCTION
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/96d392d5-a3db-4d33-9e4f-5318402038a6%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.