Last week, an article was published with some interesting numbers about the security of PostgreSQL servers publicly exposed to the internet (You can find it here). But more than the numbers, what really caught my attention was the fact that most clients and libraries used to access and interact with the databases have insecure defaults: […]
Tag: djangofridaytips
Django management commands can be very helpful while developing your application or website, we are very used to runserver, makemigrations, migrate, shell and others. Third party packages often provide extra commands and you can easily add new commands to your own apps. Today lets take a look at some less known and yet very useful […]
Django Friday Tips: Admin Docs
While the admin is a well known and very useful app for your projects, Django also includes another admin package that isn’t as popular (at least I never seen it being heavily used) but that can also be quite handy. I’m talking about the admindocs app. What it does is to provide documentation for the […]
In the final tips post of the year, lets address a solution to a problem that most websites face once they have been online for a while. If you have a back-office or the concept of user accounts, soon you will face the security problem of attackers trying to hack into these private zones of […]
Django Friday Tips: Custom Admin Pages
One of the great builtin features of Django is the admin app. It lets you, among other things, execute the usual CRUD operations on your data, search, filter and execute bulk actions on many records. However the interface is a bit rigid, by default you have the “dashboard” with the list of models, the page […]
This time I’m gonna address Django’s builtin authentication system, more specifically the ways we can build custom improvements over the already very solid foundations it provides. The idea for this post came from reading an article summing up some considerations we should have when dealing with passwords. Most of those considerations are about what controls […]
Django Friday Tips: Subresource Integrity
As you might have guessed from the title, today’s tip is about how to add “Subresource integrity” (SRI) checks to your website’s static assets. First lets see what SRI is. According to the Mozilla’s Developers Network: Subresource Integrity (SRI) is a security feature that enables browsers to verify that resources they fetch (for example, from […]
In this year’s first issue of my irregular Django quick tips series, lets look at the builtin tools available for managing access control. The framework offers a comprehensive authentication and authorization system that is able to handle the common requirements of most websites without even needing any external library. Most of the time, simple websites […]
Django Friday Tips: Inspecting ORM queries
Today lets look at the tools Django provides out of the box to debug the queries made to the database using the ORM. This isn’t an uncommon task. Almost everyone who works on a non-trivial Django application faces situations where the ORM does not return the correct data or a particular operation as taking too […]
Django Friday Tips: Feature Flags
This time, as you can deduce from the title, I will address the topic of how to use feature flags on Django websites and applications. This is an incredible functionality to have, specially if you need to continuously roll new code to production environments that might not be ready to be released. But first what […]