[Gelistirici] [paketler-commits] r35120 - in devel/programming/languages/python/Django: . files
S.Çağlar Onur
caglar at pardus.org.tr
Fri 23 May 2008 22:44:56 EEST
Eren;
On Tue 13 Nov 2007, paketler-commits at pardus.org.tr wrote:
> Author: erenturkay
> Date: Tue Nov 13 05:41:04 2007
> New Revision: 35120
>
> Added:
> devel/programming/languages/python/Django/files/enable-csrf-protecting-by-default.patch
> Modified:
> devel/programming/languages/python/Django/pspec.xml
> Log:
> Huh, ninjas are working :), we love Pardus, we love Django!
>
> * Enable csrf protecting middleware by default, when user creates a
> project, csrf middleware will be automatically added.
>
> * See the page for understanding what csrf is;
>
> http://www.securityfocus.com/archive/1/482983 (PoC is available)
> http://www.djangoproject.com/documentation/csrf/
This patch is wrong according to [1], or more precisely, it is in the wrong order;
[...]
To activate this CSRF protection,
add 'django.contrib.csrf.middleware.CsrfMiddleware' to the MIDDLEWARE_CLASSES
setting in your settings file. This middleware needs to process the response
after SessionMiddleware, so CsrfMiddleware must appear before
SessionMiddleware in the list (because the response middleware is processed
last-to-first). Also, it must process the response before the response gets
compressed or otherwise mangled, so CsrfMiddleware must come after
GZipMiddleware. Once you’ve added that to your MIDDLEWARE_CLASSES setting,
you’re done. See the section “Order of MIDDLEWARE_CLASSES” in Chapter 13 for
more explanation.
[...]
[1] http://www.djangobook.com/en/1.0/chapter14/
--
S.Çağlar Onur <caglar at pardus.org.tr>
http://cekirdek.pardus.org.tr/~caglar/
Linux is like living in a teepee. No Windows, no Gates and an Apache in house!
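
The ordering rule quoted above from [1], written as a check on a MIDDLEWARE_CLASSES value. This is an added example, not part of the original message or the Pardus patch; the two sample settings are constructed for illustration, and `check_csrf_order` and `response_order` are hypothetical helper names.

```python
# Added example: validates the CsrfMiddleware position described in [1].
CSRF = "django.contrib.csrf.middleware.CsrfMiddleware"
SESSION = "django.contrib.sessions.middleware.SessionMiddleware"
GZIP = "django.middleware.gzip.GZipMiddleware"


def response_order(middleware_classes):
    """Response middleware is processed last-to-first, i.e. the list reversed."""
    return list(reversed(middleware_classes))


def check_csrf_order(middleware_classes):
    """Return a list of ordering problems; an empty list means the order is fine."""
    classes = list(middleware_classes)
    if CSRF not in classes:
        return ["CsrfMiddleware is not enabled"]
    problems = []
    csrf_at = classes.index(CSRF)
    # Must see the response after SessionMiddleware, so it is listed before it.
    if SESSION in classes and csrf_at > classes.index(SESSION):
        problems.append("CsrfMiddleware must appear before SessionMiddleware")
    # Must see the response before it is compressed, so it is listed after GZip.
    if GZIP in classes and csrf_at < classes.index(GZIP):
        problems.append("CsrfMiddleware must appear after GZipMiddleware")
    return problems


# Constructed sample settings (hypothetical; not the contents of the patch).
WRONG_ORDER = (
    "django.middleware.common.CommonMiddleware",
    SESSION,
    CSRF,
)
CORRECT_ORDER = (
    GZIP,
    "django.middleware.common.CommonMiddleware",
    CSRF,
    SESSION,
)

if __name__ == "__main__":
    for name, setting in (("WRONG_ORDER", WRONG_ORDER), ("CORRECT_ORDER", CORRECT_ORDER)):
        print(name, check_csrf_order(setting) or "ok")
        print("  response pass:", [c.rsplit(".", 1)[-1] for c in response_order(setting)])
```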