djangosnippets.org: Latest snippets tagged with 'security'
https://djangosnippets.org/tags/security/
Feed updated: 2011-05-20T15:55:38.390186-05:00

HTML5 filter for XSS
Author: ronnie | Published: 2011-05-20T15:55:38.390186-05:00 | https://djangosnippets.org/snippets/2444/
<p>Useful for TinyMCE, to allow some HTML but be vulnerable to XSS attacks</p>
<p>You need to install html5lib</p>
<p>sudo easy_install html5lib</p>
License: Freely redistributable

HammeringMiddleware
Author: pandoodl | Published: 2011-03-10T17:10:05.462985-06:00 | https://djangosnippets.org/snippets/2389/
<p>A middleware which will protect from page hammering using flexible spanning time windows using the cache backend.
Please read the docstring of the class for details.</p>
License: Freely redistributable

Rate Limiting Decorator
Author: levigross | Published: 2010-11-28T19:51:43.167076-06:00 | https://djangosnippets.org/snippets/2276/
<p>This is a small and useful decorator that you can use to protect yourself from bad users or bots hitting your site.</p>
License: Freely redistributable

Add httponly to session cookie
Author: rodolfo.3 | Published: 2010-04-12T12:36:49.964995-05:00 | https://djangosnippets.org/snippets/1983/
<p>Middleware to set "sessionid" (or your session cookie) with httponly (see <a href="http://code.djangoproject.com/ticket/3304">"Django bug report"</a>). To work, you need to put it before "SessionMiddleware"</p>
License: Freely redistributable

Security: Sideband information cover traffic middleware
Author: jdunck | Published: 2010-03-25T09:20:08.232559-05:00 | https://djangosnippets.org/snippets/1970/
<p>This is a quick hack to address the SSL info leakage covered here:
http://www.freedom-to-tinker.com/blog/felten/side-channel-leaks-web-applications</p>
<p>Don't use this in prod without testing. :-)</p>
<p>I'll get some feedback from django-dev and update here.</p>
License: Freely redistributable

Support IP ranges in INTERNAL_IPS
Author: jdunck | Published: 2010-01-09T18:28:11.151972-06:00 | https://djangosnippets.org/snippets/1862/
<p>CIDR ( http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing ) is a well-known IP range syntax. This CIDR_LIST class can be used to make ranges of IPs considered "internal" for Django's debugging and security purposes. (Django only ever needs to do "ip in INTERNAL_IPS", so <code>__contains__</code> is sufficient for the purpose.)</p>
<p>For example, to make localhost …</p>
License: Freely redistributable

Sanitize HTML filter with tag/attribute whitelist and XSS protection
Author: harrym | Published: 2009-07-27T13:05:22.125896-05:00 | https://djangosnippets.org/snippets/1655/
<p>Reworked version of <a href="http://www.djangosnippets.org/snippets/205/">this snippet</a> that now accepts an argument so the user can specify which tags to allow, and which attributes should be allowed for each tag. Argument should be in the form <code>tag2:attr1:attr2 tag2:attr1 tag3</code>, where tags are allowed HTML tags, and attrs are the allowed attributes for …</p>
License: Freely redistributable

NonceField for disabling autocompletion
Author: johnnoone | Published: 2009-02-22T08:35:59.504565-06:00 | https://djangosnippets.org/snippets/1335/
<p>For disabling autocomplete and for security purposes, this snippet defines a CharField with a random name for each request of the form.</p>
<p>This is useful for turning off autocomplete for credit card input in all browsers, without breaking the XHTML validation.</p>
<ul>
<li><a href="https://wiki.mozilla.org/The_autocomplete_attribute_and_web_documents_using_XHTML#Security">https://wiki.mozilla.org/The_autocomplete_attribute_and_web_documents_using_XHTML#Security</a></li>
<li><a href="http://en.wikipedia.org/wiki/Cryptographic_nonce">http://en.wikipedia.org/wiki/Cryptographic_nonce</a></li>
</ul>
License: Freely redistributable

StrictAuthentication - Auto log-out inactive users
Author: yeago | Published: 2008-10-02T12:36:01.992082-05:00 | https://djangosnippets.org/snippets/1105/
<p>This dead-simple piece of middleware adds a terrific security feature to Django authentication. Currently, users whose accounts are de-activated may still have a cookie and a login session. This middleware destroys that session on their next request.</p>
<p>Simply add this class into a middleware.py and add it to your settings.</p>
License: Freely redistributable

Alternative to Captchas (Without Human Interaction)
Author: Archatas | Published: 2008-09-28T15:08:46.743873-05:00 | https://djangosnippets.org/snippets/1092/
<p>This security field is based on the perception that spambots post data to forms in very short or very long regular intervals of time, whereas it takes human beings a reasonable amount of time to fill in a form and submit it.</p>
<p>Instead of captcha images or Ajax-based security interaction, the …</p>
License: Freely redistributable

Sign a string using SHA1, then shrink it using url-safe base65
Author: simon | Published: 2008-08-27T07:24:38.059564-05:00 | https://djangosnippets.org/snippets/1004/
<p>Sometimes it's useful to sign data to ensure the user does not tamper with it - for example, cookies or hidden form variables. SHA1 is cryptographically secure but weighs in at 40 characters, which is pretty long if you're going to be passing the data around in a URL or …</p>
License: Freely redistributable

Protect anti robots template tag
Author: marinho | Published: 2008-05-06T12:26:33.365288-05:00 | https://djangosnippets.org/snippets/742/
<p>This code works like what you see in Google Groups: when you try to see an e-mail address it looks like "mari..@gmail.com", with a link to write a captcha code and see the true value.</p>
<p>You can use it for anything you want: links, blocks of text, block …</p>
License: Freely redistributable

Sanitize text field HTML (here from the Dojo Toolkit Editor2 widget)
Author: akaihola | Published: 2007-04-10T14:11:42.561665-05:00 | https://djangosnippets.org/snippets/169/
<p>When using a JavaScript WYSIWYG editor widget for text area content, the resulting HTML should be sanitized so that no disallowed HTML tags (especially script tags) are present.</p>
<p>The <a href="http://www.crummy.com/software/BeautifulSoup/">BeautifulSoup</a> library handles HTML processing in the solution presented above, so you should place it in the Python path.</p>
<p>The snippet also …</p>
License: Freely redistributable