On Monday, December 20, 2010, Yo-Yo Ma <[email protected]> wrote: > UPDATE: > > The BuiltWith team has removed Django because there aren't enough > clues to accurately detect Django in some circumstances, and they > didn't want to give bad data. Instead, they've added > http://trends.builtwith.com/cms/Django-CSRF (which basically is > telling you a site uses Django). They're also adding detection for > detecting mod-wsgi. > > From the core team, are there any reliable clues to detect Django that > are more consistent than <input> naming conventions? CSRF doesn't > always apply. This tool can also be helpful for those contributors who > run Django showcase sites, etc.
No, there aren't any completely reliable clues -- and in my opinion, that's a good thing. Providing an easy way to identify a Django site serves no purpose other than inflating project ego. On the other hand, if I am a black hat hacker, and i want to take down your site, being able to easily identify the software running your site dramatically narrows the search for possible attack vectors. As much as I enjoy the trainspotting aspect of knowing where Django is being used, it is information that doesn't need to be shared by default. If I want to share the technology that I have used in building my site, I can put up a colophon page, or write a case study on a blog, or any number of other options. I see no reason that this information needs to be machine readable at all, let alone machine readable by default. As Jeremy has noted, the closest you will get to easily identifying a Django site is to look for the telltale signs of the admin site, but admin is not universally deployed, nor is it universally deployed at /admin (in fact, I routinely use a different URL for admin deployment). You might also get some hints out of session cookie naming - but again, not every site uses Django's session framework, and if they do, the session cookie name is configurable. Yours, Russ Magee %-) -- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
