Talk given by Ash Christopher
Published on Mar 12, 2012
A deep dive into writing tests with Django, covering Django’s custom test-suite-runner and the testing utilities in Django, what all they actually do, how you should and shouldn’t use them (and some you shouldn’t use at all!). Also, guidelines.
End of May I had the opportunity to present my research on cache side channel attacks at the “Hack In The Box” conference. After my presentation with Nishat Herath last year at black hat I published my private comments to that slide deck and that was well received. I had decided to do that again for “Hack In The Box”, unfortunately it took me a little longer to translate my comments into something human readable. But here they are. Since the comments relate directly to a specific slide in the slide deck you’ll probably want to have the slide deck open when reading this blog post. You can find them here: https://conference.hitb.org/hitbsecconf2016ams/materials/D2T1%20-%20Anders%20Fogh%20-%20Cache%20Side%20Channel%20Attacks.pdf
If you use a source control system (CVS, SVN, …), or want to publish your application on the web, it may be a good idea to move sensitive or machine/user specific settings like database passwords and such out of the main settings.py file.
As discussions on the django-developers mailing list have shown everybody has different requirements and ideas how to do this. This page is meant to collect some of these ideas for future reference.
One thing to keep in mind is that Django’s config files are pure Python. This gives you the ultimate flexibility to handle configurations the way you think is best. Or to quote Adrian Holovaty:
We don’t need a default solution for this. It’s not within the scope of this project to tell people how they should organize their settings files. Take that opportunity to showcase your individualism.