Entries in category “Security”
Checking if you’re pwned (with Django)
Back in March I announced the release of a couple security-related projects for Django, one that implements the
Referrer-Policy header, and one that uses the Pwned Passwords database of Have I Been Pwned to check users’ passwords.
Today I’ve bumped the version and rolled a new release of pwned-passwords-django; if you’re reading this, version 1.2 is on the Python Package Index, and is only a
pip install away. And, of course, there’s full documentation available on how to use it.
(technically, 1.2.1 is now the version on PyPI, because ...
Let’s talk about packages
PyPI is an incredibly important piece of infrastructure for the Python community, and if you use Python you probably use PyPI, directly or indirectly, on a daily basis, and many different sites, services, and companies rely heavily on it.
But: if you rely on PyPI, how often do you think about that reliance? What would you do ...
Two new projects
Django and security are two of my favorite topics, and I think they go pretty well together. I’ve given a number of conference talks and tutorials on the theme of Django and security, and I’m one of the people on the receiving end of Django’s security-reporting email address. But although I spend a lot of time thinking about security, and trying to improve the state of the world through code, and occasionally ranting on various forms of social media, I don’t spend a lot of time writing about it here.
Let’s talk about usernames
A few weeks ago I released django-registration 2.4.1. The 2.4 series is the last in the django-registration 2.x line, and from here on out it’ll only get bugfixes. The
master branch is now prepping for 3.0, which will remove a lot of the deprecated cruft that’s accumulated over the past decade of maintaining it, and try to focus on best practices for modern Django applications.
I’ll write more about that sometime soon, but right now I want to spend a little bit of time talking about ...
Reminder for people who try and think it’s a bug: Persona, on this site, is for me to be able to log in and post entries. As such, you will not be able to log in to this site, since you don’t have an account and can’t create one. This isn’t a bug, it’s intended functionality — site owners can control whether accounts can be created, and by whom.
So, last week I mentioned in passing that my next project for this site would be implementing Persona for authentication. Since I ...