mozilla / playdoh

PROJECT DEPRECATED (WAS: "Mozilla's Web application base template. Half Django, half awesomeness, half not good at math.")
BSD 3-Clause "New" or "Revised" License

Draw a logical diagram of Playdoh technical architecture #105

Open groovecoder opened 12 years ago

groovecoder commented 12 years ago

Pretty please.

ygjb commented 12 years ago

I will bring a bottle of icewine to MV the week of May 14th with whoever does this :D

peterbe commented 12 years ago

Mmm... going to enjoy my icewine! http://cl.ly/GAVc

groovecoder commented 12 years ago

Is there a picture of what's inside that playdoh box? ;)

groovecoder commented 12 years ago

A WebAppSec review brought this on, so they would be interested in how the pieces of playdoh work w/r/t uploaded files, CSRF protections, etc.

peterbe commented 12 years ago

Hmm... After all, playdoh doesn't really exist. It's just a template with our preferred default settings and stuff.

With regard to uploaded files and CSRF, it's whatever Django does. But to complicate matters a wee bit, we have strong recommendations that go beyond stock Django. For example, we recommend using django-session-csrf instead.

Maybe we can do this: 1) find a logical diagram that describes Django; 2) write a bullet point list of what security conventions and defaults we tack on to default Django.

groovecoder commented 12 years ago

Yes, something like this:

http://hitesh.in/2009/django-flow/