Simon Willison’s Weblog

Items tagged security, python in 2007

Filters: Year: 2007 × security × python ×


IPy. Handy Python module for manipulating IP addresses—use IP(ip_addr).iptype() == ’PUBLIC’ to check that an address isn’t in a private address range. # 24th December 2007, 1:19 pm

Django Changeset 6671. Malcolm Tredinnick: “Implemented auto-escaping of variable output in templates”. Fantastic—Django now has protection against accidental XSS holes, turned on by default. # 14th November 2007, 5:05 pm

Django security fix released. Django’s internationalisation system has a denial of service hole in it; you’re vulnerable if you are using the i18n middleware. Fixes have been made available for trunk, 0.96, 0.95 and 0.91. # 26th October 2007, 9:47 pm

Two months with Ruby on Rails. Good rant—covers both the good and the bad. The first complaint is the lack of XSS protection by default in the template language. Django has the same problem, but the solution was 90% there when I saw Malcolm at OSCON. # 9th October 2007, 12:23 pm