Open groovecoder opened 12 years ago
I will bring a bottle of icewine to MV the week of May 14th with whoever does this :D
Mmm... going to enjoy my icewine! http://cl.ly/GAVc
Is there a picture of what's inside that playdoh box? ;)
A WebAppSec review brought this on - so they would be interested in how the pieces of playdoh work w/r/t uploaded files, CSRF protections, etc.
Hmm... After all, playdoh doesn't really exist. It's just a template with our preferred default settings and stuff.
With regards to uploaded files and CSRF, it's whatever Django does. But to complicate matters a wee bit, we have strong recommendations that go beyond stock Django. For example, we recommend using django-session-csrf instead.
Maybe, we can do this: 1) find a logical diagram that describes Django 2) write a bullet point list of what security conventions and defaults we tack on to default Django
Yes, something like this:
Pretty please.