
Pages 1 - 3 of 3 with tag "django"


Announcing: django-paranoid-sessions

August 15, 2009
[ python | django ]

Like most web frameworks, Django provides a convenient mechanism for storing data across requests in a persistent "session" object. Like most web frameworks, Django implements sessions using a simple mapping from a "session key" to a session object stored on the server. And like most web frameworks, Django's default session implementation is trivially vulnerable to session hijacking attacks.


Testing file uploads in Django

January 28, 2009

Following my previous post on testing Django with Windmill, I quickly ran into a common snag with in-browser web app testing: it's not possible to programmatically set the value of file input fields. This makes it very difficult to test file upload functionality using frameworks such as Windmill or Selenium.

In Firefox it's possible to request elevated permissions for your unit tests, but this is far from ideal. It means the tests are no longer automatic (you have to click "yes, grant this page extra permissions" whenever the tests are run) and it takes other browsers out of the testing loop. Like many things in life, the easiest solution seems to be simply to fake it.


Django + unittest + Windmill == Goodness

January 22, 2009

I've been having my mind blown by Django over the course of this week. Not in the flashy one-shining-moment-of-brilliance kind of way, but through a slowly dawning awareness of just how much it makes possible. Or perhaps it's more accurate to say: just how much I need to re-calibrate my expectations of what should be possible, and what should be downright easy. My latest little epiphany has revolved around unit-testing, which back when I was cutting my teeth on PHP4 was far from a trivial undertaking for even a simple web-app.
