Tuesday, April 28, 2015

Re: How to rename crfstoken

Hi Vermus,

Calling this a security "breach" is a bit inaccurate; but I certainly agree that it is good practice to make the framework undetectable from the client side.

That's why there's a setting that does exactly what you suggest:


Yours,
Russ Magee %-)


On Tue, Apr 28, 2015 at 3:27 PM, Vermus <vermus.jabber@gmail.com> wrote:
Hi, I found that my site is detected by http://trends.builtwith.com/framework/Django-CSRF by the csrftoken header.
I think it's a security breach when users know what framework is used on the server side.
There must be such web server tuning that no one can detect the framework and server-side programming language.

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/768a1d03-e749-428a-8094-4a2d2f27e873%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

