Re: Homakov-esque Django Vulnerabilities

2012-03-06 Thread Masklinn
On 2012-03-07, at 07:53 , Peter Murphy wrote:
>
>
> On Mar 7, 10:13 am, Donald Stufft wrote:
>>
>> For what it's worth in the context of the Homakov exploit, this has been a
>> well known vulnerability by the rails core for years
>> that they've basically said "not

Re: Homakov-esque Django Vulnerabilities

2012-03-06 Thread Peter Murphy
On Mar 7, 10:13 am, Donald Stufft wrote:
>
> For what it's worth in the context of the Homakov exploit, this has been a
> well known vulnerability by the rails core for years
> that they've basically said "not our problem, configure your app better" the
> entire time.

Re: Homakov-esque Django Vulnerabilities

2012-03-06 Thread Donald Stufft
On Tuesday, March 6, 2012 at 7:11 PM, Russell Keith-Magee wrote:
>
> On 07/03/2012, at 7:55 AM, Joey Espinosa wrote:
>
> > I agree with you on some of your points. Security can be improved if people
> > would email the support team INSTEAD OF filing a bug report (this goes for
> > any

Re: Homakov-esque Django Vulnerabilities

2012-03-06 Thread Russell Keith-Magee
On 07/03/2012, at 7:55 AM, Joey Espinosa wrote:
> I agree with you on some of your points. Security can be improved if people
> would email the support team INSTEAD OF filing a bug report (this goes for
> any project), so that the teams know about security bugs before anybody else
> finds

Re: Homakov-esque Django Vulnerabilities

2012-03-06 Thread Joey Espinosa
I agree with you on some of your points. Security can be improved if people would email the support team INSTEAD OF filing a bug report (this goes for any project), so that the teams know about security bugs before anybody else finds them. However, if there's a default setting or commonly set

Re: Homakov-esque Django Vulnerabilities

2012-03-06 Thread Russell Keith-Magee
On 06/03/2012, at 8:31 PM, Joey Espinosa wrote:
> In light of all the recent talk about Egor Homakov's commandeering of GitHub
> by exploiting a default Rails setting, are there any such "gotcha" security
> defaults or common settings/conventions in Django you can think of that could
> cause