Entries in category “Security”

5 entries in this category.

Checking if you’re pwned (with Django)

Back in March I announced the release of a couple security-related projects for Django, one that implements the Referrer-Policy header, and one that uses the Pwned Passwords database of Have I Been Pwned to check users’ passwords.

Today I’ve bumped the version and rolled a new release of pwned-passwords-django; if you’re reading this, version 1.2 is on the Python Package Index, and is only a pip install away. And, of course, there’s full documentation available on how to use it.

(technically, 1.2.1 is now the version on PyPI, because ...

Entry published June 18, 2018.

Let’s talk about packages

Recently the Python community got to celebrate the triumphant launch of the new Python Package Index. It’s been a long time coming, and the folks who made it happen all deserve a round of applause.

PyPI is an incredibly important piece of infrastructure for the Python community, and if you use Python you probably use PyPI, directly or indirectly, on a daily basis, and many different sites, services, and companies rely heavily on it.

But: if you rely on PyPI, how often do you think about that reliance? What would you do ...

Entry published April 25, 2018.

Two new projects

Django and security are two of my favorite topics, and I think they go pretty well together. I’ve given a number of conference talks and tutorials on the theme of Django and security, and I’m one of the people on the receiving end of Django’s security-reporting email address. But although I spend a lot of time thinking about security, and trying to improve the state of the world through code, and occasionally ranting on various forms of social media, I don’t spend a lot of time writing about it here.

So ...

Entry published March 6, 2018.

Let’s talk about usernames

A few weeks ago I released django-registration 2.4.1. The 2.4 series is the last in the django-registration 2.x line, and from here on out it’ll only get bugfixes. The master branch is now prepping for 3.0, which will remove a lot of the deprecated cruft that’s accumulated over the past decade of maintaining it, and try to focus on best practices for modern Django applications.

I’ll write more about that sometime soon, but right now I want to spend a little bit of time talking about ...

Entry published February 11, 2018.

Personafied

Reminder for people who try and think it’s a bug: Persona, on this site, is for me to be able to log in and post entries. As such, you will not be able to log in to this site, since you don’t have an account and can’t create one. This isn’t a bug, it’s intended functionality — site owners can control whether accounts can be created, and by whom.

So, last week I mentioned in passing that my next project for this site would be implementing Persona for authentication. Since I ...

Entry published September 5, 2013.