Changes between Version 3 and Version 4 of SummerOfCode2012


Timestamp:
Mar 6, 2012, 7:33:06 PM (13 years ago)
Author:
Paul McMillan
Comment:

--

  • SummerOfCode2012

    v3 v4  
    1212
    1313 * Andrew Godwin (andrew@aeracode.org) -- schema alteration, IPv6 support
     14 * Paul McMillan (paul@mcmillan.ws) -- Security Improvements
    1415
    1516== Students ==
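Review bot: the new mentor line (line 14) labels the topic "Security Improvements" while the project section it corresponds to is titled "Security Enhancements"; the two should use the same wording so readers can match the mentor to the project, and the topic should follow the lowercase style of the neighbouring entry ("schema alteration, IPv6 support"), e.g. `* Paul McMillan (paul@mcmillan.ws) -- security enhancements`.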
     
    7778 * The [source:django/trunk/django/template django.contrib.auth code module]
    7879 * Discussions about [http://groups.google.com/group/django-developers/browse_thread/thread/c8e2397fefd85030 "Lazy foreign keys"]
     80
     81=== Security Enhancements ===
     82 * '''Complexity:''' Medium
     83
     84Django has developed many security features over time. The existing set of security features is pretty good, but there's lots of room for improvement. Much of the work in this project will be related to cleaning up existing code to make it more obviously secure, eliminate edge cases, and and improve fallback handling.
     85
     86Some potential areas of work include:
     87 * Enhancing CSRF protection (#16859)
     88 * Centralizing randomized token issuance and validation
     89 * Integrating carljm's django-secure project (https://github.com/carljm/django-secure)
     90 * Building an interactive admin dashboard to display and check installation security parameters
     91 * Targeted Code audit for a specific list of security errors
     92
     93While an interest in security will make these tasks more interesting, most of them don't require you to be a security expert already. Your your mentor will help you plan a feature before implementing it, and carefully review your code before it is committed to trunk. Most of these tasks will be significantly easier if you already have some familiarity with Django's codebase. A successful application will have a plan which selects related areas of work, provides details, and has a good estimation of complexity for the proposed tasks. Remember that (especially for security work) a good patch often has more lines of tests than code changes. An ideal applicant will be able to demonstrate the skill with Python and attention to detail necessary to make fundamental changes to Django without breaking existing code.
     94
     95Ideas that will probably not be accepted:
     96 * Adding database or cookie encryption support (unless you can provide a secondary mentor who is a crypto expert)
     97 * Proposals that strongly couple sessions with CSRF or Auth
     98 * Proposals to include external libraries in Django
     99
     100If you are interested in working on this project, please talk to us sooner rather than later! PaulM is usually available on IRC, and wants to help you write a really good application.
    79101
    80102=== Improved error reporting ===
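Review bot: the work list and the exclusion list contradict each other as written: line 89 proposes "Integrating carljm's django-secure project (https://github.com/carljm/django-secure)", yet line 98 rules out "Proposals to include external libraries in Django". Clarify whether the intent is to reimplement django-secure's checks inside Django or to merge its code with the author's agreement, so applicants do not propose something the exclusion list rejects. Two doubled words should be fixed: "and and improve fallback handling" (line 84) and "Your your mentor will help you" (line 93). In the unchanged context at line 78, the link `[source:django/trunk/django/template django.contrib.auth code module]` points at django/template while its label says django.contrib.auth; one of the two is wrong and should be corrected when this page is next edited.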