django – Page 2 – WindowsTechs.com

Why famouse frameworks like django (And probably Rails) use both synchronizer pattern and Origin/Referer header checks for preventing CSRF attacks?

Posted on July 10, 2022 by user14096467

I see in the source code of Django that they do use both synchronizer token pattern and Origin/Referer header checks. I understand that if you are using the double-submit technique via cookie the following attack will work and you need to … Continue reading Why famouse frameworks like django (And probably Rails) use both synchronizer pattern and Origin/Referer header checks for preventing CSRF attacks?→

How to access CSRF token in fronted when API is on different domain?

Posted on June 3, 2022 by atskdev

I am building a website with a separate Javascript frontend and a Django backend. My backend uses CSRF protection.
Now the problem is that the CSRF token is being set on the client side as a cookie on the backend’s domain, e.g. api.example… Continue reading How to access CSRF token in fronted when API is on different domain?→

Image uploading in a web-application

Posted on May 15, 2022 by salazar324

We are developing an MVC web-application in Django and having concerns about image uploading. We’ve done some research on this topic and came up with a setup we want to share here for advices and critique.
First of all, here are our busine… Continue reading Image uploading in a web-application→

Which is more secure and better practice? Setting up a reverse proxy on backend with localhost or on a separate VM and route to other VMs/services?

Posted on May 11, 2022 by CapacityVirus

I wanna know if it’s better in terms of security, availability and best practice to set up a nginx reverse proxy on my backend and use it with localhost or to set up a VM that handles everything for me.
I assume that using a separate VM wi… Continue reading Which is more secure and better practice? Setting up a reverse proxy on backend with localhost or on a separate VM and route to other VMs/services?→

Should email password be encrypted in a django app when using TLS?

Posted on September 23, 2021 by Hector Ordonez

I have seen multiple videos/tutorials regarding how to setup the email system in Django.
It seems that they all assume as long as the password is stored in an environmental variable, no encryption is required.
Is that so? Shouldn’t passwor… Continue reading Should email password be encrypted in a django app when using TLS?→

Do I need to authenticate a user on WhatsApp when using twilio?

Posted on September 15, 2021 by chaulap

We are building an online shop using django. We have developed an API for our application to interact with Twilio. This is so users can buy products on WhatsApp from our application. I want to know what could go wrong with this setup.
When… Continue reading Do I need to authenticate a user on WhatsApp when using twilio?→

Django File Validation

Posted on September 7, 2021 by RedWheelbarrow

I’ m building a REST API with Django and Django Rest Framework. I allow users to upload images and videos using different subclasses of ModelSerializer. When a file is received, the server saves it to a temporary file on the disk (with Dja… Continue reading Django File Validation→

Is there any reason to block HEAD requests?

Posted on July 2, 2021 by heds1

Apologies if this isn’t the right place to ask this. I occasionally get alerts from my Django website along these lines:

Internal Server Error: /posts/specific-post/

UnboundLocalError at /posts/specific-post/
local variable ‘comment_for… Continue reading Is there any reason to block HEAD requests?→

Concerning GET request in logs

Posted on May 11, 2021 by MattG

I have a Django application running on a Digital Ocean Ubuntu server. I am using NGINX and Daphne to serve the application because I am using Django Channels.
My websockets keep crashing, and I noticed in the logs when the crash occurs, th… Continue reading Concerning GET request in logs→

2FA with blower.io SMS

Posted on February 7, 2021 by Jonatan

I’m currently planning to deploy a project on Heroku and was wondering if it is safe to send 2FA sms messages with the blower.io heroku addon?
Also is it safe/ok to send a short lived authentication code by sms or is there any way to send … Continue reading 2FA with blower.io SMS→