Re: Handling cookies that contain illegal values

2016-02-05 Thread Will Harris
Hey Daniel,

Thanks for the reply. Unfortunately doing this in a custom middleware is 
not an option, as this processing needs to take place at a very low 
level, at the point where the Request object is being built. By the time 
the request is passed in to the middleware layers for processing, the 
cookies would already have been lost.

Will

On Friday, February 5, 2016 at 12:31:30 AM UTC+1, Daniel Chimeno wrote:
>
> Hello, 
>
>>
>> I have resolved this in my instance as follows in django/http/cookie.py:
>>
>> def parse_cookie(cookie):
>>     cookie = re.sub('[^\x20-\x7e]+', 'X', cookie)
>>     ...
>>
> It would be preferable to write that code in a middleware than in the 
> Django code itself.
> Before the middleware that handles the cookie (I guess it would be 
> Session), you can *sanitize* that cookie.
>
> Hope it helps.
>  
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/08dde6a1-1eb8-4428-906b-f619947ea8b5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
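
One way to apply the quoted regex before the request object is built, without patching django/http/cookie.py, is a WSGI wrapper around the application. This is an added example, not code from the thread or from Django; the class name `CookieSanitizer`, the `x.cookie_sanitizer.original` environ key and the sample cookie string are assumptions made for illustration.

```python
import re

# Same character class as the workaround quoted in the thread: anything
# outside printable ASCII (0x20-0x7e), including tabs and NUL bytes.
_ILLEGAL = re.compile(r'[^\x20-\x7e]+')


def sanitize_cookie_header(raw):
    """Replace each run of non-printable-ASCII characters with 'X'."""
    return _ILLEGAL.sub('X', raw)


class CookieSanitizer:
    """WSGI wrapper (hypothetical name) that cleans HTTP_COOKIE in place.

    It runs before the framework builds its request object from environ,
    which is earlier than any framework-level middleware.
    """

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        raw = environ.get('HTTP_COOKIE')
        if raw is not None:
            cleaned = sanitize_cookie_header(raw)
            if cleaned != raw:
                # Keep the original for logging only (hypothetical key name).
                environ['x.cookie_sanitizer.original'] = raw
                environ['HTTP_COOKIE'] = cleaned
        return self.app(environ, start_response)


def demo():
    """Run the wrapper over a constructed environ; return what the app saw."""
    seen = {}

    def app(environ, start_response):
        seen['cookie'] = environ.get('HTTP_COOKIE')
        start_response('200 OK', [('Content-Type', 'text/plain')])
        return [b'ok']

    # Constructed sample header: one cookie carries a Latin-1 byte and a NUL.
    environ = {'HTTP_COOKIE': 'sessionid=abc123; tracker=caf\xe9\x00!; theme=dark'}
    body = CookieSanitizer(app)(environ, lambda status, headers: None)
    return seen['cookie'], environ.get('x.cookie_sanitizer.original'), body
```

Replacing characters changes the cookie's value, so a cookie that was rewritten this way no longer matches what the client sent and should be treated as untrusted by the application.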


Re: Handling cookies that contain illegal values

2016-02-05 Thread Will Harris
Thanks Tim, fascinating. At least I can tell the big boss the problem was 
"caused" by the BDFL ;-)

Will

On Friday, February 5, 2016 at 1:52:34 PM UTC+1, Tim Graham wrote:
>
> This is caused by a security fix in Python (which Django uses for cookie 
> parsing). I think the issue can be fixed without causing security problems 
> but I'm not sure. Please follow 
> https://code.djangoproject.com/ticket/26158 and related Python tickets.
>
> On Friday, February 5, 2016 at 3:13:14 AM UTC-5, Will Harris wrote:
>>
>> Hey Daniel,
>>
>> Thanks for the reply. Unfortunately doing this in a custom middleware is 
>> not an option, as this processing needs to take place at a very low 
>> level, at the point where the Request object is being built. By the time 
>> the request is passed in to the middleware layers for processing, the 
>> cookies would already have been lost.
>>
>> Will
>>
>> On Friday, February 5, 2016 at 12:31:30 AM UTC+1, Daniel Chimeno wrote:
>>>
>>> Hello, 
>>>
>>>>
>>>> I have resolved this in my instance as follows in django/http/cookie.py:
>>>>
>>>> def parse_cookie(cookie):
>>>>     cookie = re.sub('[^\x20-\x7e]+', 'X', cookie)
>>>>     ...
>>>>
>>> It would be preferable to write that code in a middleware than in the 
>>> Django code itself.
>>> Before the middleware that handles the cookie (I guess it would be 
>>> Session), you can *sanitize* that cookie.
>>>
>>> Hope it helps.
>>>  
>>>
>>



Re: Debugging DJango app on production for High CPU Usage

2016-02-24 Thread Will Harris
Hey Web Architect, I guess you never got that DB dump running in 
development? ;-)

Why don't you run some profiling middleware to see if you can get some traces 
of the production system? Or how about New Relic or some such? That's 
pretty good at helping to identify problem spots in your stack.

Finally, you will really need to get your production setup running in a 
development environment if you are ever to have a hope of experimenting 
with different solutions. You need to understand what user actions are 
causing the load to spike, and reproduce that on similar infrastructure in 
a controlled environment where you can instrument your code to see exactly 
what's going on.

On Wednesday, February 24, 2016 at 5:59:28 AM UTC+1, Web Architect wrote:
>
> Hi,
>
> We have an ecommerce platform based on Django. We are using uwsgi to run 
> the app. The issue is that the CPU usage is hitting the roof (sometimes going 
> beyond 100%) for some scenarios. I would like to debug the platform on 
> Production to see where the CPU consumption is happening. We have used 
> Cache all over the place (including templates) as well - hence, the DB 
> queries would be quite limited. 
>
> I would refrain from using Django-debug toolbar as it slows down the 
> platform further, increases the CPU usage and also need to turn the DEBUG 
> on. Is there any other tool or way to debug the platform? Would appreciate 
> any recommendations/suggestions. 
>
> Also, does the Django ORM increase the CPU usage? Does it block the CPU? 
> Would appreciate if anyone could throw some light on this.
>
> Thanks.
>



Re: a question about django admin and language

2016-02-26 Thread Will Harris
Hi Paul,

If you want the admin site to behave differently than the main site, you 
could consider running two instances, one with the i18n activated for the 
main site, and one for admin users with it disabled. In production, from a 
security standpoint, it's a good idea to have the admin site running with 
different settings/access in any case.

Will

On Thursday, February 25, 2016 at 2:37:54 PM UTC+1, Paul Z wrote:
>
>  Hi,
>  
> I'm new to Django, and I'm trying to set up a site that can select the language 
> automatically.
> So, I set it up as below:
>  
> LANGUAGE_CODE = 'en'
>  
> TIME_ZONE = 'UTC'
>  
> USE_I18N = True
>  
> USE_L10N = False
>  
> USE_TZ = False
>  
> For now, it can select the language automatically. But the question is:
>
> I don't want it to select the language in the Django admin interface; I want it to 
> always display in English.
>
> So, how to?
>  
> Thanks
> Paul Z
>
