
Software engineering facts, information, and skills categorized as Django

Cross-Site Request Forgery (CSRF) in simple words

Priya Philip 7 months ago

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. With a little help from social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state-changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.

Is autoescape off in django safe?

Priya Philip 10 months, 2 weeks ago

The autoescape would be a protection against cross-site scripting, not SQL injection. Turning autoescape off would mean you trust what is in "text", wherever it came from, not to be malicious (i.e., it should be impossible for a user to create or modify what is in text). If that assumption is valid, then you are safe against cross-site scripting; otherwise, that is a security hole.


HttpRequest methods

Priya Philip 11 months ago

HttpRequest represents an incoming HTTP request, including all HTTP headers and user-submitted data.

HttpRequest attributes

Priya Philip 11 months ago

Django uses request and response objects to pass state through the system. When a page is requested, Django creates an HttpRequest object that contains metadata about the request. Then Django loads the appropriate view, passing the HttpRequest as the first argument to the view function. Each view is responsible for returning an HttpResponse object.

Infinite iterators in Python

Priya Philip 11 months, 2 weeks ago

An object representing a stream of data. Repeated calls to the iterator's __next__() method (or passing it to the built-in function next()) return successive items in the stream. When no more data are available, a StopIteration exception is raised instead. At this point, the iterator object is exhausted and any further calls to its __next__() method just raise StopIteration again. Iterators are required to have an __iter__() method that returns the iterator object itself, so every iterator is also iterable and may be used in most places where other iterables are accepted. One notable exception is code which attempts multiple iteration passes. A container object (such as a list) produces a fresh new iterator each time you pass it to the iter() function or use it in a for loop. Attempting this with an iterator will just return the same exhausted iterator object used in the previous iteration pass, making it appear like an empty container.

__str__ vs __repr__ in Python

Priya Philip 11 months, 2 weeks ago

Both __repr__ and __str__ are used to represent objects in different ways. The default implementation of __repr__ for a str value can be called as an argument to eval, and the return value would be a valid string object.

Difference between null=True, blank=True in django

Priya Philip 2 years, 3 months ago

The main difference for null and blank is 

What is @permalink and get_absolute_url in Django?

Varghese Chacko 2 years, 3 months ago

What is @permalink and get_absolute_url in Django? When and why to use it?

Configure Amazon S3 for Mezzanine - a Django Blog engine

Varghese Chacko 2 years, 3 months ago

Amazon S3 is an efficient static file storage system for its services and relatively cheap. On the other hand, Django is a nice web development framework that doesn't like to handle static files. Mezzanine is a popular blog engine built in Django. Since Django doesn't like to handle static files on production systems, we always have to configure a web server like nginx or Apache to serve static files. On the other hand, it's easy to host static files on Amazon S3. The S3 configuration for static files is easy, but saving user-uploaded files for a Django web app may raise some permission issues. Here is how we have configured the Django-S3-Mezzanine blog.
