Posts tagged django in Feb, 2011
Filters: Year: 2011 × Month: Feb × django × Sorted by date
CSRF: Flash + 307 redirect = Game Over. Here’s the exploit that Django and Rails both just released fixes for. It’s actually a flaw in the Flash player. Flash isn’t meant to be able to make cross-domain HTTP requests with custom HTTP headers unless the crossdomain.xml file on the other domain allows them to, but it turns out a 307 redirect (like a 302, but allows POST data to be forwarded) confuses the Flash player in to not checking the crossdomain.xml on the host it is being redirect to.
Is South the best tool to use when doing database migrations in Django?
Yes. And I say that as an author of another Django migrations tool (dmigrations) which offered a small subset of South’s current functionality.
[... 42 words]