Re: ConditionalGetMiddleware MD5

2020-09-10 Thread Taymon A. Beal
That attack doesn't work with the recommended production setup because Django doesn't serve uploaded files in that setup. That being said, some users might be doing that anyway since setting up production-worthy upload hosting is such a pain, and even if they don't, they might have other views

Re: ConditionalGetMiddleware MD5

2020-09-10 Thread Francisco Couzo
User 1 uploads a file
User 2 downloads it, and caches it
User 1 uploads a new file to the same URL, with the same MD5 hash
User 2 will keep using the old file indefinitely
Sure, user 1 has to upload two files with the same hash on purpose
On Thu, Sep 10, 2020 at 11:07 AM Adam Johnson wrote: >

Re: ConditionalGetMiddleware MD5

2020-09-10 Thread Adam Johnson
What would this protect against? On Thu, 10 Sep 2020 at 03:56, Francisco Couzo wrote: > I think it would be a good idea to make ConditionalGetMiddleware use a > hash function that's not as easy to find a collision as MD5, most probably > SHA-256 or BLAKE2. > I don't see a problem with just

ConditionalGetMiddleware MD5

2020-09-10 Thread Francisco Couzo
I think it would be a good idea to make ConditionalGetMiddleware use a hash function that's not as easy to find a collision as MD5, most probably SHA-256 or BLAKE2. I don't see a problem with just changing it, it will just invalidate the old cache. If there's an agreement on changing the hash

Re: What the purpose of having function that is not working correctly?

2020-09-10 Thread Florian Apolloner
On Thursday, September 10, 2020 at 11:16:56 AM UTC+2 Alexander Lyabah wrote: > The problem with the function is that it is actually working, but not > always, and because of that, other people are suggesting it on > StackOverflow, using it in prod, and may, eventually catch weird > exceptions,

Re: What the purpose of having function that is not working correctly?

2020-09-10 Thread אורי
On Thu, Sep 10, 2020 at 12:17 PM Alexander Lyabah wrote: > > Also, want to say it again, English is not my first language, and some > words may sound not polite at all. It is not my intention, I respect all > the work you have done with Django, and very thankful for continue working > on it. >

Re: What the purpose of having function that is not working correctly?

2020-09-10 Thread Mariusz Felisiak
We also have other related tickets #24803 and #24991. Please take a look at the last PR and feel free to continue it, if you really want to fix these

Re: What the purpose of having function that is not working correctly?

2020-09-10 Thread Alexander Lyabah
I'm sorry for not being polite. Believe me, I love what you have built already and want to support in any way I can. My question is exactly what is in the subject, it is not some kind of clickbait. I've done some research before, and I understand the complexity of the task you want to

Re: What the purpose of having function that is not working correctly?

2020-09-10 Thread Moses Mugisha
+1 On Thu, Sep 10, 2020, 11:35 AM Adam Johnson wrote: > What the purpose of having function that is not working correctly? >> > > You'll go further in life if you use more descriptive, less inflammatory > subjects. > > Also it's polite to search the ticket tracker for related issues before >

Re: What the purpose of having function that is not working correctly?

2020-09-10 Thread Adam Johnson
> > What the purpose of having function that is not working correctly? > You'll go further in life if you use more descriptive, less inflammatory subjects. Also it's polite to search the ticket tracker for related issues before posting on the list. This is the relevant ticket:

What the purpose of having function that is not working correctly?

2020-09-10 Thread Alexander Lyabah
What the purpose of having function that is not working correctly, when you may not have this function at all and thing is changed. I'm talking here about function Query.__str__ Below I show you an example: In [19]: str(TimelineEvent.objects.filter(id__gt=100).query) Out[19]: 'SELECT

Re: Pendolumn

2020-09-10 Thread Adam Johnson
The Pendulum README has an example model field class: https://github.com/sdispater/pendulum#limitations On Thu, 10 Sep 2020 at 08:22, Roger Gammans wrote: > On Tue, 2020-09-08 at 18:01 -0700, Damiano Porta wrote: > > Hello everybody! > Can I use Pendolumn (https://pendulum.eustace.io/) as

Re: Pendolumn

2020-09-10 Thread Roger Gammans
On Tue, 2020-09-08 at 18:01 -0700, Damiano Porta wrote: > Hello everybody! Can I use Pendolumn (https://pendulum.eustace.io/) as > default datetime library for my models? You probably want to write a custom DateTimeField subclass and override to_python(). Pendolumn date times claim to be stdlib