> Backwards compatibility is the bigger concern here.
I understand that, I believe there is always a way, because prior to 2008 when
I switched to Django, I was committer on a PHP library group that not only had
the best code quality: but COMMITS to maintaining BC. Code that I have made
prior to
Hi,
But when you are making a governmental website for example: you need
actual identity.
Django makes it possible (I'd even say easy) to setup your forms /
models to enforce stricter requirements if you have to. We don't have to
treat these cases as the default. Backwards compatibility is t
> This may be true - not all people have first_name & last_name or want to use
> them online. But it's also convenient to be able to call a person by their
> first name, and also allow them to use their full name on the website.
I completely agree with you, for example on dating sites like speed
Opened an issue on the OWASP project, reporting the reasoning of the consensus
made on this mailing list as best as I could:
https://github.com/OWASP/CheatSheetSeries/issues/472
Please feel free to comment or request changes on the issue.
--
You received this message because you are subscribed
> Input validation is performed to ensure only properly formed data is entering
> the workflow in an information system, preventing malformed data from
> persisting in the database and triggering malfunction of various downstream
> components. Input validation should happen as early as possible
And I'm sorry if I offended Mister alert("pwnd") :)
Thanks for the comment Florian, it's just basic hygiene really, don't leave
open ports you don't need, never trust user inputs for characters they don't
need, and so on.
On Wednesday, August 19, 2020 at 2:01:51 AM UTC+2 cur...@tinbrain.net wrote:
> Seems related to something I learned early in my web career... about not
> storing values escaped, because you don't know which medium it needs
> escaping for -- e.g. HTML needs different escaping than URLs.
>
Exac
On Tue, Aug 18, 2020 at 12:26 PM Adam Johnson wrote:
>
> The only change we should be making is moving from separate first_name +
> last_name fields to solely a name field, since *many* people don't fit into
> that. I think there's a ticket, but there are massive backwards
> compatibility concern
Just my 0.02 $CURRENCY...
Interesting they're limiting the input for a security issue [at least from the
example] that manifests from not escaping _output_.
Seems related to something I learned early in my web career... about not
storing values escaped, because you don't know which medium it nee
elopers@googlegroups.com> On Behalf Of Adam Johnson
> Sent: Tuesday, August 18, 2020 4:26 AM
> To: django-developers@googlegroups.com
> Subject: Re: Django default input validation accepts special characters
>
> I am against adding validation here. See the classic *Fa
and for all.
From: django-developers@googlegroups.com
On Behalf Of Adam Johnson
Sent: Tuesday, August 18, 2020 4:26 AM
To: django-developers@googlegroups.com
Subject: Re: Django default input validation accepts special characters
I am against adding validation here. See the classic Falsehoods
Well, at least in my country there's a law that tells what characters are
allowed in names, anyway, a single name field would be cool but off topic here:
"first name" was used here as an example to illustrate that Django projects are
audited as insecure because there is no input validation at al
I am against adding validation here. See the classic *Falsehoods Programmers
Believe About Names*:
https://www.kalzumeus.com/2010/06/17/falsehoods-programmers-believe-about-names/.
Here are some characters that have caused security issues in the past (e.g.
URL bar display), but I'd reckon are leg
Hello!
Maybe some `special_characters` bool field on models.CharField with default
to `False` would do the job?
Tue, 18 Aug 2020 at 10:36 '1337 Shadow Hacker' via Django developers
(Contributions to Django itself) wrote:
> Currently, when you order a security audit on a Django project from
Currently, when you order a security audit on a Django project from any of the
firms I've seen so far (including my own), all inputs fall short on stuff like:
"First name input: allows special characters such as <>/"' which may cause a
security issue with further developments done on the same dat