Django uses the cookie, set by set_signed_cookie () to display the value that is not encrypted.

cookie:
    response = HttpResponse()
    response.set_signed_cookie("signed_cookie_name","signed_cookie_value","salt")

cookie,:
    Name :signed_cookie_name
    Value :signed_cookie_value:1fPSBW:_JLMVkTZzxZe7aZr7KyjXwrsBBs

 value,??

Python django

Mar.16,2021

Django is designed like this.
signed_cookie is just a signed cookie, not an encrypted cookie.

The function of

signed_cookie is to prevent users from compiling it privately. Reference: Securing Web Cookies With Signatures

So once I've logged in, we set a username cookie containing "Michael Brunton-Spall", or uid=1 or something.
The problem with this is that the user is in total control of this cookie

simply recording uid or user name is easy to be tampered with in cookie (which is also the reason why it is not recommended to record user sensitive information in cookie). In case an attacker replaces uid=1 with uid=2 , won't he be able to access uid=2 user's resources? If it is replaced by uid=2:1fPjh2:iQGDDYNcgSYkIFqa2ixqakj6-gI , then the server not only verifies uid , but also verifies the signature field after uid=2 , that is, it calls HttpRequest.get_signed_cookie (key=key, salt=salt) , so that even if the user changes the value in cookie to uid=2 , but does not sign, the server still refuses to access resources.

in addition, the cookie signature of Django is Base64_with_hmac . Refer to Source code for django.core.signing

if you need to set the encrypted value, in cookie, you need to encrypt the value by yourself (as if it can only be symmetrical encryption), for example, use hashlib.sha256 {reference: python.org/3/library/hashlib.html" rel=" nofollow noreferrer "> hashlib-Secure hashes and message digests }:

  Introduction to JSON Web Tokens  also exposes information to users (but ordinary users cannot see the information directly through token, need a little encryption and decryption, and it is impossible for users to modify the encrypted content). 
 needs to fundamentally prevent man-in-the-middle attacks, and https would be a wise choice.



Previous: React native IOS real machine remote debugging JS, Google browser reported an error
Next: Any package installed by npm is invalid







How should django be written in such a way as SQL?

that s the question. I ve been looking for it on the Internet for a long time, but I can t find it. for example, I want to query SQL: select a from atable,btable where atable.id=btable.id
an is the field of atable and b is the field of btable. B...


Python
django


Feb.28,2021




Django how to sequence number array or specified format

query the data in this way
user_add1 = UserAddress.objects.filter(id=int(add_id))
then serialize
json_data = serializers.serialize("json", user_add1, ensure_ascii=False)
return json
return HttpResponse(json.dumps(json_data), content_t...


Python
django
javascript


Feb.28,2021




Why does it take so long for django to perform a simple database operation through queryset?

as shown in the figure, a simple add and query operation takes up to 1 second [environment: windows + python3 + django2]. (the amount of data in PS: is not much, and todo_list has only 2 rows of data, which is still so slow.)
def get(request):
-...


Python
django
mysql
database
backend


Feb.28,2021




Django template inheritance, no inheritance data, is there any good way?

wrote a blog, tags has to be loaded every page, so use template inheritance, inherited there is no data, is there any good way?
I can think of a global variable or decorator. Does Django have a better solution?
...


Python
django


Feb.28,2021




What are some simple ways to localize data in Django?
 We know that there are good ways to localize data such as localStorage,sessionStorage in HTML5. So what are some convenient ways to localize data in Django? ...


Python
django


Mar.02,2021




Django Migration Model entry prompt on delete

according to the book "python programming from introduction to practice ", after modifying the models.py, execute the command python manage.py makemigrations learning_logs, to report an error and ask for advice.
model.py Code
from django.db import...


Python
django


Mar.02,2021




The time problem of django

define in models.py
jiezhi_date = models.DateTimeField (blank = True, null = True, db_index = True, verbose_name = _ (u information cutoff ))
in the template:
< div style= "color:-sharpA8B1BA; " class= "text " > deadline: {{form.jiezhi_date}}...


Flask
python
django


Mar.03,2021




Django, deletes the uploaded picture in the admin background only deletes the record of the database, but the picture still exists, could you tell me how to deal with this?

Novice django, deletes the uploaded picture in the admin background only deletes the record of the database, but the picture still exists in the media img folder. How to deal with this?
models.py
class HomePageProductPictureDisplay(models.Model):
d...


Python
django-admin
django


Mar.03,2021




How to delete authentication and authorization for django admin customization
 as shown in the picture, how can I delete it if I don t want to see it in the admin sidebar? seems to exist by default. ...


Python
django-admin
django


Mar.03,2021




When entering background information of django database model and xadmin, second-level classification, the first-level classification is selected first, and the second-level classification is selected.

I want to make a book classification there are two categories:
(id(), name)
(id(), fist_type(), name)
there is also a book information table
()
when you want to add book information in the xadmin background, select the first category first, and th...


Python
django


Mar.03,2021




Django for unit testing

how does django import tets.py data when conducting automated testing? I export the contents of the database as api.json. Then import to the unit test database, but the unit test database does not have data, what is wrong?
where the json file of the...


Python
django
nginx
mysql


Mar.04,2021




How to customize LoginForm using django-mama-cas
 I want to use django-mama-cas to complete the CAS login, but the login module that comes with the system is a little too simple. I want to add something by myself, but Form cannot set its own defined Form (LOGIN Template in the setting file. I would li...


Web
python
django


Mar.04,2021




On the problem of obtaining data by ajax

first of all, when the user logs in, I want to display the user s information and get the data in the profile_ajax view. This corresponds to html html
formuid
. Here is the problem. I click here to view the details. Will the ajax of html not enter th...


Html
javascript
python
django
typescript


Mar.06,2021




How does django receive json data from post?

how to use js post to django data in django to receive JS similar to this
str = {"student":[{"number":"0","name":"a"}]} ;
obj = JSON.parse(str);
look at the data in chrome like this
[student][0][...


Javascript
python
django


Mar.13,2021




Django create Learning Notes Tip cannot import name 'views'

Task: create study notes-map URL Code:
urls.py "define URL schema for learning_logs "
from django.conf.urls import url
from. Import views
urlpatterns = []
-sharp
url(r ^$ ,views.index,name = index ),
]
execution tips are as follows: ...


Python
django


Mar.17,2021




About Django secret_key running python manage.py runserver error report

secret_key cannot be empty
...


Python
django


Mar.18,2021




Why is the django routing system getting longer and longer?

I directly enter the address http: 127.0.0.1:8000 boycott ajaxTot can be opened, but the address that jumps through httpResponseRedirect is wrong? I thought I understood the routing system of django, but this example confused myself why it appeared ...


Python
django


Mar.20,2021




Django saves data Times error NOT NULL constraint failed

Save Times error after adding data
NOT NULL constraint failed:booktest_bookinfo.bpub_data
Source code
class BookInfo(models.Model):
btitld=models.CharField(max_length=20)
bpub_data=models.DateTimeField()
class HeroInfo(models.Model):
hna...


Python
django


Mar.21,2021




Problem with Nginx+uwsgi deployment django unable to load static files

Nginx and uwsgi are installed, tested, no problem, and then when using uwsgi to start the django project, using the browser to view the project will have the problem that static files cannot be loaded. No matter how to configure it, I can t do it well....


Python
django
uwsgi
nginx


Mar.28,2021




How to add a fixed value field to the queryset of django?

suppose I have the following code:
from django.contrib.auth.models import User
us = User.objects.all()
-sharp idis_active
v1 = us.values("id", "is_active")
-sharp ( User ): other= hehe
-sharp [{"id": 1, "is_a...


Python
django


Mar.28,2021






False


Django, Why does the system automatically generate an empty session? every time the request is made?


Use python to convert dict1 to dict2, in the example. I tried for a long time but couldn't find a solution.


How to self-start the php-fpm service when building a LNMP environment with docker?


Can an array in react state be bound to a dom state using an element in the array?


Wechat browser version 6.6.5 cannot prevent the springback of pull-up and drop-down to the top under ios system.


In express+hbs, how do you define the routed data as a variable on the page?


How to use symbol reference of Iconfont in dva


How to elegantly add data to JSON objects?


Using node to build video streaming server


The proportional width of the echarts graph is inconsistent.


React uses axios to call the background data. After success, how to jump to the page based on the returned value?


I don't understand what a linux command means. Please explain it.


Vue introduces multiple components in vue-router by nesting named views, and does not refresh the same reference in other pages.


Running nodejs reports fewer errors ")"



css
mysql
arrays
josn
react
html
typescript
webpack
npm
sass
R
objective-c
.net
sql-server
jquery
python-3.x
angularjs
django
angular
excel
regex
iphone
ajax
linux
xml
pandas
vba
spring
database
wordpress
string
wpf
xcode
windows
bash
postgresql
oracle
multithreading
eclipse
list
firebase
algorithm
macos
forms
image
scala
visual-studio
azure
bootstrap
spring-boot
react-native
python-2.7
docker
performance
function
winforms
matlab
powershell
apache
dataframe
api
sqlite
numpy
rest
shell
selenium
flutter
dart
maven
loops
qt
swing
android-studio
csv
express
file
class
tensorflow
sorting
codeigniter
perl



How can wepy get the app instance in a js file?


Can ionic hide a page that resides in the background?


The data returned by flask is garbled in chrome.


How do I use the ES7 decorator on objects or variables or functions?


How does mysql export the first N records of each table in a library?




© 2021 CodesHelper


Advertising
Contact us
About us


Menu