#django

stown: heh funny you should mention that - I literally just started using django-countries

isn't web2py even more magical than Django?

Nizumzen: very great app. i have a dutch admin interface and the country list is in dutch so it adapts

stown: cool

kezabelle: some things are great but there are no or just a few companies that develop in web2py

yeah, much of the ecosystem has clustered around django and flask

kezabelle: my company, and company of my boss are the only in dutch i am afraid.

kezabelle: i made factweb.nl an online invoice system and holidayadministration.com also in web2py

kezabelle: you can do great things with it but for advanced things where you got multiple apps and modules et cetera my opinion is that django is better.

kezabelle: django is more scalable

Trying to pull form data from a request, and they are not getting the value, but rather the empty strings.. anyone see anything wrong with this def? https://dpaste.de/ioRC

well, what's being POST'd?

kezabelle: heres the form https://dpaste.de/2jL3

none of those inputs have names :o)

are you telling me it pulls from the name NOT the ID

ckpoint: the browser determines the value's key in POST by the fields name, not by its id. So yeah, it uses the name

knbk: od dammit, its a little to early in the morning on a friday for me to start bashing my head against the wall…

knbk: thanks

what can we help you with today delgiudices? :)

hey shangxiao morning

nothing for now until i start getting errors :p

better get your websites using SSL soon: https://blog.mozilla.org/security/2015/04/30/de...

Wow

yay

and by yay I mean "argh wtf"

"there have been statements from ... the US Government calling for universal use of encryption by Internet applications"

lol

well, at least I won't have to explain https to people anymore

i don’t know about https

never used it

get out!

lol j/k

I will learn i promise

you don't need to be a cryptologist to learn it, it's not that hard, just a few principles

delgiudices: just make sure you use eliptic curve cryptography in your server settings

delgiudices: and make sure you get an A+ here: https://www.ssllabs.com/ssltest/

Nizumzen: alright will do thanks

unlike my bank who seem to think using RC4 and MD5 is acceptable :|

wasn't eliptic curves compromised :)

md5 should be put in a museum already :)

shangxiao: but not rc4?

besides... we should ditch IP and move the internet to RINA

:P

Squarepy: I haven't heard that - got a link?

submitted my client's php/apache site to that ssl link, they got an F

shangxiao: heh that's pretty bad

they deserve it

what can you expect from a php dev xD

Insecure by default

the developer is the root of the problems

insecure minded by default ;)

well, they probably feel security is "hard"... because their tools make it hard... something you have to remember lots of less-than-easy things to do to achieve

yes, true

but this particular person was the person I was telling you about one day - completely unwilling to learn new things and move away from php & mysql

even though he has a nice comfy 9-5 position and paid well

perhaps _because_ he has a comfy 9-5?

i quit that 9-5 to escape php :)

and partly to escape him ;)

shangxiao: why do I get the distinct impression that that person probably has tons of SQL injection vulns in his code?

what's wrong with MD5?

I wonder if anyone can advise me on something... I am helping a person who inherited a codebase with lots of model inheritance plus mixins. I've never touched either of these much. They are asking me if it's bad to have a model with two abstract parent models and a mixin, and it *seems* bad to me, but I'm having trouble explaining why.

I'm completely unwilling to learn new things too, hence still being in here ;)

kezabell: at least you're on the right thing :)

Boogymanx: MD5 has been broken for years and years and years

Boogymanx: ...and years and years and years

Oh, damn

shangxiao: meh, elixir looks cool :p

Why is it still the default encryption in Django?

or was it SHA

idk

I'm not all that well-versed in security

jessamynsmith: inheritance and mixins to me, personally, is bad design

shangxiao: I agree, but why?

Boogymanx: it isn't IIRC

Boogymanx: anyway you should be using this password hasher for all new django projects: django.contrib.auth.hashers.BCryptSHA256PasswordHasher

Nizumzen: How do I change that from the default? is it a setting tuple?

composition > inheritance ;)

well inheritance is quite often used as an anti-pattern: people want to simply bunch together similar code because it looks similar without asking whether or not there is a true ISA relationship happening

what DISB said :)

inheritance violates information hiding

Boogymanx: https://docs.djangoproject.com/en/1.8/ref/setti...

Nizumzen: if I never changed it from the default, am I fine? :p

Yeah, it hasn't been md5 for a long time

mixins also feel like cheap and nasty ways to refactor code

heh

Boogymanx: probably but why not use the most secure password hasher you can?

Boogymanx: bcrypt with SHA256 is pretty darn good

shangxiao what makes you say that??

thanks for the insights... my gut feeling was "blah" but this is a new person and they wanted a good explanation

Boogymanx: for something that takes 2 seconds to change it is definately worth it

not just "don't do it because I told you so"

Nizumzen: what happens to my existing users if I change that?