widelands-dev team mailing list archive

Thread
Date

Re: [Merge] lp:~widelands-dev/widelands-website/fix_REMOTE_ADDR into lp:widelands-website

To: mp+308337@xxxxxxxxxxxxxxxxxx
From: SirVer <SirVer@xxxxxx>
Date: Sat, 15 Oct 2016 17:06:39 -0000
In-reply-to: <20161013070044.14846.22410.launchpad@ackee.canonical.com>
Reply-to: mp+308337@xxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

> Thanks for pointing me to dict.get().... i am too stupid :-S

you are quite harsh on yourself. missing something in the huge pile of documentation that is django + python is really quite easy. 

> Regarding the tracking app: It's just my personal view... i don't like shipping an app with the widelands code when much code of it is potentially unused. 

I agree. Unused code should be deleted. But I think there are more useful things in the homepage than removing unused code - that said, if you want to do it I will gladly review it :)

> request variables

A bit of googling says you are probably right: https://www.djangoproject.com/weblog/2009/jul/28/security/#secondary-issue

We cannot rely on any of these variables to be set or even correct. I suggest we return a known false IP that we can recognize in the database instead. For example 192.168.23.42 or something like this. And we should probably not use the IP for anything besides what we maybe require for SPAM services. 


-- 
https://code.launchpad.net/~widelands-dev/widelands-website/fix_REMOTE_ADDR/+merge/308337
Your team Widelands Developers is subscribed to branch lp:widelands-website.

References

[Merge] lp:~widelands-dev/widelands-website/fix_REMOTE_ADDR into lp:widelands-website
From: kaputtnik, 2016-10-13