
Thank you - my thoughts too

I cannot trust anything returned from a client, so it seems best to only return one thing from the client.

As for a carefully vetted security pro - that's great, but I am looking for basic generic best practices (we know that has evolved from MD5 hashes to bcrypt, but what else is there?)

It seems either a hole in my education or a hole in general common knowledge




I think the point of a framework like django is that the defaults are best practices.

It's good to understand why it does the things it does, but without a certain amount of trust in the framework, you can lose a lot of its advantages.



