Is it safe to keep Django template strings inside a TextField of a Django
model and allow users with staff privileges to edit them?
I'm asking because I'm unsure how safe/dangerous this could be. Would it be
possible to abuse a built-in templatetag to execute arbitrary code on the
server?
What
Ah, I see what you mean about sending things in plaintext over SSL.
You're right, that would be a lot simpler.
That said, I think I can handle the API keys with one model plus less
than a dozen lines of verification code, so it's not a huge burden. I
just don't have a whole lot of experience devi
Yeah, I understand that the data doesn't need to be encrypted. I just
agree with you that SSL would be ideal.
If you had SSL, then I don't think you'd need to work as hard with the
public/private key hashing stuff. If all the transmitted data was
encrypted (SSL) you could just send a clear-text pa
By app-level solution you mean some sort of custom encryption /
decryption scheme for the data dictionaries?
I'm still not convinced the data needs encryption -- I mean, it
wouldn't hurt and in an ideal world I'd just push everything over SSL,
but the worst thing that happens if someone gets hold
It might be worth a try to see if the self-signed cert gets you into
trouble or not. Some url libraries might complain about it, but I
don't think that the behavior is universal. As I think about it, I
think it is normally browsers that whine about self-signed certs.
Maybe the other server wouldn't
Not a bad idea, actually, but the other site is on shared hosting, so
I don't expect the host to be willing to add a self-signed cert as
trusted.
On May 24, 10:07 am, Alex Robbins wrote:
> Just a thought, but if you are the only person using the url, you
> could make your own self-signed securi
Just a thought, but if you are the only person using the url, you
could make your own self-signed security cert. It would be free and
protect your data. It won't show up as trusted to users, but your
other server can be set to accept it. (Assuming the lack of ssl is a
budget issue, that wouldn't fi
Hi folks --
I'm putting together a simple API to allow a separately-hosted but
trusted site to perform a very limited set of actions on my site. I'm
wondering whether the design I've come up with is reasonably secure:
- Other site gets an API key, which is actually in two parts, public
key and p
d eventually write to) that
> application server. Now the security question arises. The proposal is
> to have
> - the webserver in a DMZ 1
> - the Django application server in a DMZ 2
> - our internal LAN as another network
> Then we allow very limited requests from DMZ 1 into DMZ 2 and
Dear all,
we are using Django as an application server. Now we want our website
server to be able to read from (and eventually write to) that
application server. Now the security question arises. The proposal is
to have
- the webserver in a DMZ 1
- the Django application server in a DMZ 2
- our
10 matches