Posts under tag: "Security"

Django: Custom safe excludes from dangerous XSS Injection

By: summonagus ● at Jan. 3, 2017, 7:44 a.m. ● Posted under: #Templates, #Tricks, #Security, #Solution, #Django, #Problem

Django Custom safe excludes from dangerous XSS Injection. Answered from: http://stackoverflow.com/a/41434870/6396981

    from bs4 import BeautifulSoup
    from django import template
    from django.utils.html import escape

    register = template.Library()

    INVALID_TAGS = ['script', 'style']

    def clean_html(value):
        soup = BeautifulSoup(value)
        for tag in soup.findAll(True):
            if tag.name in INVALID_TAGS:
                #tag.hidden = True # you also can ...


Understanding @user_passes_test Django

By: summonagus ● at Nov. 28, 2016, 10:05 p.m. ● Posted under: #Django, #Tricks, #Security, #Solution, #Problem

Django's decorators include functions for managing the user; one of them is user_passes_test. But in my implementation I found this problem: ERR_TOO_MANY_REDIRECTS, or 'AnonymousUser' object is not iterable. I need to customize the user by instantiating from the user models, for example:

    from django.db import models
    from django.contrib.auth.models import User
    ...


Understanding Google reCAPTCHA in Django

By: summonagus ● at Oct. 9, 2016, 7:01 p.m. ● Posted under: #Django, #Security, #API

Understanding Google reCAPTCHA in Django. I found this awesome answer that makes it simple to understand how to use the Google reCAPTCHA API.

    import urllib, urllib2

    def recaptcha(request, postdata):
        rc_challenge = postdata.get('recaptcha_challenge_field', '')
        rc_user_input = postdata.get('recaptcha_response_field', '').encode('utf-8')
        url = 'http://www.google.com/recaptcha/api/verify'
        values = {
            'privatekey': 'XXXXXXXXXXXXXXXXXXXXXXX',
            'remoteip': request.META['REMOTE_ADDR'],
            'challenge': rc_challenge,
            'response': rc_user_input
        }
        data ...


Django: Redirect HTTP to HTTPS

By: summonagus ● at Oct. 8, 2016, 4:24 a.m. ● Posted under: #Settings, #Django, #Security, #Solution

Django: Redirect HTTP to HTTPS. Django already supports this redirection; see https://docs.djangoproject.com/en/dev/topics/security/#ssl-https

Edit your settings.py:

    # Redirecting from `HTTP` to `HTTPS` for Django 1.8 or later
    SECURE_SSL_REDIRECT = True
    SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

Hope it's useful.


Simple bash scripting for login before open the terminal

By: summonagus ● at Oct. 2, 2016, 3:52 p.m. ● Posted under: #Tricks, #Security

Add this to your /etc/bash.bashrc file; make sure you are logged in as root.

    while true; do
        # Don't exit at Ctrl-C
        trap "echo" SIGINT
        printf "\n"
        echo -n " Who are you guys? "; read -s name;
        if [ "$name" == "agus" ]; then
            reset
            printf "\n Welcome my KING! ...


Django: Simple User Authentication Login and Logout

By: summonagus ● at Oct. 2, 2016, 8:13 a.m. ● Posted under: #Templates, #Problem, #Django, #Security

Django: Simple User Authentication Login and Logout. This question was asked by someone in https://www.facebook.com/groups/DjangoID/; he asked "how to custom template of login form in django". First, make sure you understand how Django works. In this method, we use the default User model from Django and the default user authentication from Django. There just modified ...


Django: Force User is anonymous to logout page based in generic.DetailView

By: summonagus ● at Oct. 2, 2016, 8:13 a.m. ● Posted under: #Problem, #Django, #Security

Django: Force User is anonymous to logout page based in generic.DetailView. Hello, this is my last problem in my project. We use generic.DetailView in my dashboard for members. So the problem is, how to redirect an anonymous user in Django generic views? We have an error like this: Page not found (404) How to ...


Django session for setup expired User was logged in to log out

By: summonagus ● at Oct. 2, 2016, 8:13 a.m. ● Posted under: #Tricks, #Problem, #Settings, #Django, #Security

Django session for setup expired User was logged in to log out. This question was asked by someone on Stack Overflow, and this is a good answer to it: http://stackoverflow.com/a/14831237/3445802

That answer includes an update for Django 1.6; we now work with Django 1.8.7, but it still works.

1. Add this to handle the session, in your ...


Untranslate Tools for Cryptography

By: summonagus ● at Oct. 2, 2016, 8:13 a.m. ● Posted under: #Tricks, #Problem, #Security, #Looping

Untranslate Tools for Cryptography. This is made for strings that were translated with string.translate from the Python string module. For my stack, I thought: why not build a program to un-translate it?

1. Stack Problem

    >>> import string
    >>> make_trans = string.maketrans('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz', 'CDEFGHIJKLMNOPQRSTUVWXYZABcdefghijklmnopqrstuvwxyzab')
    >>> trans = string.translate("Summon Agus", make_trans)
    >>> trans
    'Uwooqp Ciwu'
    ...


Installing Django Recaptcha Google

By: summonagus ● at Oct. 2, 2016, 8:13 a.m. ● Posted under: #Problem, #APP, #Django, #Project, #Security

Good night, and welcome back to Python Learning. This time I want to share a simple tutorial on how to install Django reCAPTCHA for Google reCAPTCHA. It uses Django reCAPTCHA; for more, check out this repository: https://github.com/praekelt/django-recaptcha

1. Make sure you already have the form before setting up Django reCAPTCHA.
2. Installing django from pip:

    $ pip install django-recaptcha

   or directly ...
