One thing that Django would definitely benefit from is support for
simple protection against CSRF attacks. The admin site should have
this turned on by default, and some kind of mechanism for easily
applying it to custom code would be welcome as well.
CSRF attacks are described in detail here:
(Further info at the bottom of the page)
Basically, if I can trick you into visiting a page that I control
The only guaranteed defence against this attack is to include in
I've filed a bug to track developments on this: http://