Reimagining front-end web development with htmx and hyperscript
We all know that to create an interactive front end for your website you need JavaScript. Not just vanilla JS, mind: we're in 2022, and to create an acceptable UI you need to be using a framework like React or Vue.js. Right?
Wrong.
In recent years, a...
Read: https://nomadiq.hashnode.dev/reimagining-front-end-web-development-with-htmx-and-hyperscript
The Best way: Safe way to hide secret information in any Django project
Hey!
Do you use Django in your project?
Then, this is for you. To build a web app requires writing API KEY, PASSWORD, MAIL ID, etc., sensitive information in your code. But, often, we write these pieces of information in our code straightforwardly ...
Read: https://rahulbiswas.hashnode.dev/the-best-way-safe-way-to-hide-secret-information-in-any-django-project
How to Protect Your Django Project's Secret Key
I have been working on some Django tasks for a while. I mistakenly pushed my secret key to my public GitHub repository.😬 Yeah, rookie mistake! 🤷🏽‍♂️
I immediately received an email from GitGuardian informing me of the security risks involved.
I t...
Read: https://themfon.hashnode.dev/how-to-protect-your-django-projects-secret-key
How to do a secure login in django
Secure Login Challenge
https://github.com/Sainya-Ranakshetram-Submission/secure-login
This project addresses all the web vulnerabilities and implements a login system in a secure way
Web vulnerabilities addressed
Cross Site Forgery Request
Clickjackin...
Read: https://dhruvashaw.hashnode.dev/how-to-do-a-secure-login-in-django
Debugging Django Applications in VSCode
This is very handy if our program fails to achieve the desired result and we want to run it line by line to see what went wrong.
So, click on this button and open the "run and debug" panel.
When we see the panel, we should create a launch.json file....
Read: https://ilkecandan.hashnode.dev/debugging-django-applications-in-vscode
What is Gunicorn?
What is Gunicorn?
Gunicorn is a WSGI server
As described in PEP3333, the Python Web Server Gateway Interface (WSGI) is a way to make sure that web servers and python web applications can talk to each other.
Gunicorn is built to facilitate multiple se...
Read: https://www.sidequirk.com/what-is-gunicorn
How to set up csrf token with Django and React
I'm not sure that this implementation is completely correct from a security point, but I want to write this article because I found some problems setting up Django and React using the CSRF.
I'm using:
Django 4.0
React 17
django-cors-headers
axios
This ...
Read: https://gimbogeek.hashnode.dev/how-to-set-up-csrf-token-with-django-and-react
Django security releases issued: 4.0.6 and 3.2.14
In accordance with our security release policy, the Django team
is issuing Django 4.0.6 and Django 3.2.14.
These releases address the security issue detailed below. We encourage all
users of Django to upgrade as soon as possible.
CVE-2022-34265: Potential SQL injection via Trunc(kind) and Extract(lookup_name) arguments
Trunc() and Extract() database functions were
subject to SQL injection if untrusted data was used as a kind/lookup_name value.
Applications that constrain the lookup name and kind choice to a known safe
list are unaffected.
This security release mitigates the issue, but we have identified improvements
to the Database API methods related to date extract and truncate that would be
beneficial to add to Django 4.1 before its final release. This will impact 3rd
party database backends using Django 4.1 release candidate 1 or newer, until they
are able to update to the API changes. We apologize for the inconvenience.
Thanks Takuto Yoshikai (Aeye Security Lab) for the report.
This issue has severity "high" according to the Django security policy.
Affected supported versions
* Django main branch
* Django 4.1 (currently at beta status)
* Django 4.0
* Django 3.2
Resolution
Patches to resolve the issue have been applied to Django's main branch and to
the 4.1, 4.0, and 3.2 release branches. The patches may be obtained from the
following changesets:
* On the main branch
* On the 4.1 release branch
* On the 4.0 release branch
* On the 3.2 release branch
The following releases have been issued:
* Django 4.0.6 (download Django 4.0.6 | 4.0.6 checksums)
* Django 3.2.14 (download Django 3.2.14 | 3.2.14 checksums)
The PGP key ID used for this release is Mariusz Felisiak: 2EF56372BA48CD1B.
General notes regarding security reporting
As always, we ask that potential security issues be reported via
private email to security@djangoproject.com, and not via Django's
Trac instance or the django-developers list. Please see our security
policies for further
information.
Read: https://www.djangoproject.com/weblog/2022/jul/04/security-releases/
Django Data Modeling, E-Commerce Data Modeling, Model Organization in Apps
Introduction to Data Modelling
Models are used to store and retrieve data. First of all, we should always figure out the pieces of data that we want to store. So, what entities or concepts do we have in an e-commerce application?
We need a concept of a p...
Read: https://ilkecandan.hashnode.dev/django-data-modeling-e-commerce-data-modeling-model-organization-in-apps
Django Built-In User Management
Django has an entire authentication system that is ready to go. With the "runserver" function, go to your browser and add "/admin" at the end of your URL. Mine looks like this: http://127.0.0.1:9000/admin
We only need to make sure that our database...
Read: https://ilkecandan.hashnode.dev/django-built-in-user-management
A pet project for learning, or how I wrote a Helpdesk single-handedly
I had used Helpdesk systems before, but for various reasons they were never deployed at our company. A good opportunity to learn programming, I thought, and set about writing my own helpdesk.
Read: https://habr.com/ru/post/675492/
Django's Interaction with DataBases
Let's open a new app with the code we are familiar with. I am naming mine "notes".
python manage.py startapp notes
Like previously, we should register it to settings.py file as well.
After doing that, we should go to our models.py file.
This is the...
Read: https://ilkecandan.hashnode.dev/djangos-interaction-with-databases
Django News - Django security releases issued: 4.0.6 and 3.2.14 - Jul 8th 2022
Read: https://django-news.com/issues/135
Django: Creating a custom 404 Error Page
Introduction
The 404 error is shown when the user tries to navigate to a URL that doesn't exist. By default, Django returns a page when this error is raised. However, we can set a custom page to be displayed in a few steps.
Creating a Django project...
Read: https://zeeskylaw.hashnode.dev/creating-a-custom-404-error-page-with-django
Building A Dictionary Web App With Django
A dictionary is simply a book/electronic medium that outlines words particular to a language along with their meanings. Modern dictionaries also provide information such as the origin of a word, its transcription, and use cases.
In this tutorial, we ...
Read: https://prosper-articles.hashnode.dev/building-a-dictionary-web-app-with-django
Using Cloudflare R2 with Django for storage
I am a long-time fan and user of Cloudflare, and with Cloudflare R2 I am more in love with Cloudflare.
Cloudflare R2 is one of the amazing and interesting services that Cloudflare has released. It's called,
Rapid and Reliable Object Storage, minus the egre...
Read: https://djangotherightway.com/using-cloudflare-r2-with-django-for-storage
Transitioning into tech: A mechanical engineer’s perspective
They say fortune favors the brave and I've recently taken the brave decision to transition from Mechanical Engineering to Software Engineering. My name is Daniel from Nairobi Kenya. As the title suggests, I'm a 27 year old mechanical engineer transit...
Read: https://stai.hashnode.dev/transitioning-into-tech-a-mechanical-engineers-perspective
Python virtual environment using virtualenvwrapper is now in Linux too.
By setting up the python2/python3, pip package manager.
You can install the virtualenv package, then
create ➜ activate ➜ deactivate
the virtual environment customly.
It was working on Windows only, but now Linux too,
just adding some bash script in...
Read: https://ajayin.hashnode.dev/python-virtual-environment-using-virtualenvwrapper-is-now-in-linux-too
