Re: Purpose of constant_time_compare?

You wanna hand over your paycheck now, or later? :-) I know someone with a functional white-hat timing attack script sitting on their laptop. They've been honing the statistical analysis to get the number of data points needed down to a less noticeable size, but the technique can already be

Re: django.contrib.admin and null=True

On Dec 9, 1:57 pm, schinckel wrote: > On Dec 8, 2:02 pm, nasp wrote: > > > You might consider > > readinghttp://docs.djangoproject.com/en/dev/ref/models/fields/#null. > > Thanks: that was the link I needed. > > However, I do take exception with the

Re: django.contrib.admin and null=True

On Dec 8, 9:24 pm, -RAX- wrote: > By default Admin saves an empty string in those TextFields and > CharFields defined as null = True. > > Whatever the semantic reasons are, this default behavior creates > problems in those fields which are both unique = True and null =

Re: django.contrib.admin and null=True

On Dec 8, 2:02 pm, nasp wrote: > You might consider > readinghttp://docs.djangoproject.com/en/dev/ref/models/fields/#null. Thanks: that was the link I needed. However, I do take exception with the comment: If a string-based field has null=True, that means it has two

Re: django.contrib.admin and null=True

On Dec 8, 9:28 pm, Andrew Godwin wrote: > On 07/12/10 23:26, schinckel wrote: > > > > > > > I haven't been able to find any documentation about this, but would be > > happy to be pointed in the right direction. > > > When you use null=True in a field, and then use that model

Re: Purpose of constant_time_compare?

Your paycheck is safe. It is a hypothetical attack, yes. Only observed under very specific conditions (with a comparator deliberately and parametrically slowed down - see the actual TR for details). Best reported resolution for this attack across a WAN has been microsecond resolution (still

Re: Purpose of constant_time_compare?

Yea... in reality I'd bet my paycheck that the answer is no. Despite Coda's blog post, you can't use the jitter in HTTP requests to gain any insight into where a string match fails. Even if you could do so with hundreds of requests, it's fairly obvious that an attack is taking place when you get

Re: How to concatenate strings in django templates?

On Wed, Dec 8, 2010 at 8:27 PM, Javier Guerra Giraldez wrote: > On Wed, Dec 8, 2010 at 5:39 AM, Muhammad Ahsan > wrote: >> {% extend shop/shop_name/base.html %} > > shop/{{shop_name}}/base.html > > > ... and this is the wrong list If you're going

Re: Purpose of constant_time_compare?

On Wed, Dec 8, 2010 at 3:08 PM, Jonas H. wrote: > Hello out there, > > what is the point of `django.utils.crypto.constant_time_compare`? I > understand it takes O(n) time no matter what input it is feeded with, but of > what avail is it? > > Can the time spent in *one single

Re: Purpose of constant_time_compare?

On Dec 8, 2010, at 12:08 PM, Jonas H. wrote: > Can the time spent in *one single string comparison* really make such a huge > difference? Yes. http://codahale.com/a-lesson-in-timing-attacks/ -- -- Christophe Pettus x...@thebuild.com -- You received this message because you are

Purpose of constant_time_compare?

Hello out there, what is the point of `django.utils.crypto.constant_time_compare`? I understand it takes O(n) time no matter what input it is feeded with, but of what avail is it? Can the time spent in *one single string comparison* really make such a huge difference? Confused, Jonas --

Re: How to concatenate strings in django templates?

You can put variable with needed path from view or url to your template. 08.12.2010 17:23 пользователь "Muhammad Ahsan" написал: I want to concatenate string in django template tag like {% extend shop/shop_name/base.html %} here shop_name is my variable and i want

Re: How to concatenate strings in django templates?

On Wed, Dec 8, 2010 at 5:39 AM, Muhammad Ahsan wrote: > {% extend shop/shop_name/base.html %} shop/{{shop_name}}/base.html ... and this is the wrong list -- Javier -- You received this message because you are subscribed to the Google Groups "Django developers"

Re: call_command retval

If it does not exist; create a ticket. +1 on both points On Dec 7, 4:13 pm, Marco Paolini wrote: > I think call_command should return something significant > to let the caller know if the command was successful or not. > > Another issue ralated to this is: having an

Re: django.contrib.admin and null=True

By default Admin saves an empty string in those TextFields and CharFields defined as null = True. Whatever the semantic reasons are, this default behavior creates problems in those fields which are both unique = True and null = True because by saving an empty string they do not respect that null

How to concatenate strings in django templates?

I want to concatenate string in django template tag like {% extend shop/shop_name/base.html %} here shop_name is my variable and i want to concatenate this with rest of path. suppese i have shop_name=example.com and i want result to extend shop/example.com/base.html plz help. thanx in advance

Re: django.contrib.admin and null=True

On 07/12/10 23:26, schinckel wrote: I haven't been able to find any documentation about this, but would be happy to be pointed in the right direction. When you use null=True in a field, and then use that model in the admin, it will not save NULL to the database, but will instead save an empty