Ticket #7358 (closed: invalid)

Opened 2 years ago

Last modified 2 years ago

[patch] create_default_site: configurable default domain name

Reported by: erob
Assigned to: nobody
Milestone:
Component: Contrib apps
Version: SVN
Keywords:
Cc:
Triage Stage: Unreviewed
Has patch: 1
Needs documentation: 0
Needs tests: 0
Patch needs improvement: 0

Description

Hi,

The create_default_site function in the django.contrib.sites.management module hardcodes example.com as the default site. I think this is potentially harmful for users because it can be exploited remotely.

A better hardcoded value would be to use 'localhost' or socket.gethostname as the default domain name. The attached patch implements the latter for resolving the default domain name.

Attachments

003_create_default_site.patch (1.3 kB) - added by erob on 06/03/08 12:30:36.
Uses socket.gethostname to resolve the default domain name

Change History

06/03/08 12:30:36 changed by erob

  • attachment 003_create_default_site.patch added.

Uses socket.gethostname to resolve the default domain name

08/08/08 11:38:37 changed by mtredinnick

  • status changed from new to closed.
  • needs_better_patch changed.
  • resolution set to invalid.
  • needs_tests changed.
  • needs_docs changed.

Since example.com is explicitly reserved in RFC 2606, it's not open to any kind of effective exploitation.

In future, perhaps you could have researched this rather than calling the developers stupid in the patch. Just a thought.
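
The following is an added example, not part of the ticket, the attached patch, or Django's code: a check that classifies a configured site domain against the names RFC 2606 reserves, which a deployment review could use to find a site record still carrying the example.com default. The function names and the sample domains are hypothetical.

```python
# Added example: names reserved by RFC 2606 (sections 2 and 3).
RESERVED_TLDS = {"test", "example", "invalid", "localhost"}
RESERVED_SLDS = {"example.com", "example.net", "example.org"}


def normalize_host(value):
    """Lower-case a host[:port] string, dropping the port and trailing dot."""
    host = value.strip().lower()
    if host.startswith("["):      # bracketed IPv6 literal, not a DNS name
        return host
    if host.count(":") == 1:      # host:port form
        host = host.split(":", 1)[0]
    return host.rstrip(".")


def rfc2606_reserved(value):
    """Return the reserved name that `value` falls under, or None."""
    host = normalize_host(value)
    if not host or host.startswith("["):
        return None
    labels = host.split(".")
    # Reserved top-level domains cover every name beneath them.
    if labels[-1] in RESERVED_TLDS:
        return labels[-1]
    # Reserved second-level names match only on the rightmost two labels,
    # so "myexample.com" and "example.com.shop.io" are not reserved.
    if len(labels) >= 2:
        sld = ".".join(labels[-2:])
        if sld in RESERVED_SLDS:
            return sld
    return None


def audit_site_domains(domains):
    """Map each domain that is an RFC 2606 placeholder to its reserved name."""
    return {d: r for d in domains if (r := rfc2606_reserved(d))}


if __name__ == "__main__":
    # Constructed sample values standing in for configured site domains.
    sample = ["example.com", "www.Example.ORG.", "shop.acme.io", "staging.test:8000"]
    for domain, reserved in audit_site_domains(sample).items():
        print(f"{domain!r} is a placeholder under reserved name {reserved!r}")
```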

