Opened 17 years ago

Closed 16 years ago

#7358 closed (invalid)

[patch] create_default_site: configurable default domain name

Reported by: Etienne Robillard Owned by: nobody
Component: Contrib apps Version: dev
Severity: Keywords:
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Hi,

The create_default_site function in the django.contrib.sites.management
module hardcodes example.com as the default site. I think this is potentially
harmful for users because it can be exploited remotely.

A better hardcoded value would be to use 'localhost' or socket.gethostname
as the default domain name. The attached patch implements the later for resolving
the default domain name.

Attachments (1)

003_create_default_site.patch (1.3 KB ) - added by Etienne Robillard 17 years ago.
Uses socket.gethostname to resolve the default domain name

Download all attachments as: .zip

Change History (2)

by Etienne Robillard, 17 years ago

Uses socket.gethostname to resolve the default domain name

comment:1 by Malcolm Tredinnick, 16 years ago

Resolution: invalid
Status: newclosed

Since example.com is explicitly reserved in RFC 2606, it's not open to any kind of effective exploitation.

In future, perhaps you could have researched this rather than calling the developers stupid in the patch. Just a thought.

Note: See TracTickets for help on using tickets.
Back to Top