Categories
Security

Inlineshashes: a new tool to help you build your CSP

Content-Security-Policy (CSP) is an important mechanism in today’s web security arsenal. Is a way of defending against Cross-Site Scripting and other attacks. It isn’t hard to get started with or to put in place in order to secure your website or web application (I did that exercise in a previous post). However when the systems […]

Categories
Python

Django Friday Tips: Admin Docs

While the admin is a well known and very useful app for your projects, Django also includes another admin package that isn’t as popular (at least I never seen it being heavily used) but that can also be quite handy. I’m talking about the admindocs app. What it does is to provide documentation for the […]

Categories
Security Technology and Internet

Who keeps an eye on clipboard access?

If there is any feature that “universally” describes the usage of computers, it is the copy/paste pattern. We are used to it, practically all the common graphical user interfaces have support for it, and it magically works. We copy some information from one application and paste into another, and another… How does these applications have […]

Categories
Python Software Development

Django Friday Tips: Deal with login brute-force attacks

In the final tips post of the year, lets address a solution to a problem that most websites face once they have been online for a while. If you have a back-office or the concept of user accounts, soon you will face the security problem of attackers trying to hack into these private zones of […]

Categories
Personal Technology and Internet

worker-planet was awarded a swag box

If you remember, back in June/July I worked on a small project to make it easy to build small community pages that aggregate content produced from many sources. As I shared in the post, worker-planet was built to run on “Cloudflare Workers” without the need to manage a server yourself. A short time afterwards I […]

Categories
Personal Technology and Internet

Tools I’m thankful for

In the spirit of thanksgiving, even though it isn’t a tradition here where live, and following the same path as some posts I’ve read today, here’s 5 software tools I’m thankful for. (Of course this is not a comprehensive list, but today these are the ones that come to my mind) Syncthing This tool basically […]

Categories
Python

Django Friday Tips: Custom Admin Pages

One of the great builtin features of Django is the admin app. It lets you, among other things, execute the usual CRUD operations on your data, search, filter and execute bulk actions on many records. However the interface is a bit rigid, by default you have the “dashboard” with the list of models, the page […]

Categories
Technology and Internet

worker-planet

Some time ago I wrote about using “Cloudflare Workers”, first as a way of adding Content-Security-Policy headers to your pages (when you don’t have other easy ways of doing it) and after I even built an easy to deploy DDNS solution on top of them. This time I just used this tool to build a […]

Categories
Python Software Development

Django Friday Tips: Password validation

This time I’m gonna address Django’s builtin authentication system, more specifically the ways we can build custom improvements over the already very solid foundations it provides. The idea for this post came from reading an article summing up some considerations we should have when dealing with passwords. Most of those considerations are about what controls […]

Categories
Personal Random Bits

My picks on open-source licenses

Sooner or later everybody that works with computers will have to deal with software licenses. Newcomers usually assume that software is either open-source (aka free stuff) or proprietary, but this is a very simplistic view of the world and wrong most of the time. This topic can quickly become complex and small details really matter. […]