Results 65 issues of Greg Guthe

It'd be good to support [password-validation](https://docs.djangoproject.com/en/1.9/topics/auth/passwords/#password-validation) added in Django 1.9. It's currently possible to reset passwords to one char (e.g. `a`), common passwords (e.g. `abc123`), and the username (e.g. username...

As far as I can tell, password reset links aren't invalidated or expired after they are used:

![multi-reset](https://cloud.githubusercontent.com/assets/226605/14252585/105ba3a4-fa56-11e5-915b-ad4769ddeb07.gif)

The reset token is equivalent to a password since it allows anyone...

It'd be useful to flag packages without hashes in requirements files.

considering
new feature
dparse

see https://github.com/mozilla-services/buildhub/pull/393

Any of the following would be helpful:

* highlighting the importance of the whitespace in the "pin directive per file" example on https://pyup.io/docs/bot/config/
* handling NoneType items in...

considering
enhancement

**Build:** Dev

**Steps to reproduce:**

1. For Monitor Kanary, log in using an existing account.
2. Go to “Exposures” menu and scroll down to the form.
3. Enter "abc" in...

It is more robust than referrer checking and a nice addition to tokens. http://seclab.stanford.edu/websec/csrf/csrf.pdf (proposed here) https://wiki.mozilla.org/Security/Origin

Not fully supported yet, but worth mentioning. https://caniuse.com/#feat=same-site-cookie-attribute https://tools.ietf.org/html/draft-west-first-party-cookies-07 https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#SameSite_cookies

Changes:

* add an example docker compose override file for local dev
* add a `unit-test` make target (the image is only used for CI, but it's included since we...

nit: Seeing this set of fields in a number of locations, I wonder if this should be moved to a struct that can output a `log.Fields`. _Originally posted by @ajvb...

code quality
good first issue