Opened 17 years ago
Closed 16 years ago
#7358 closed (invalid)
[patch] create_default_site: configurable default domain name
| Reported by: | Etienne Robillard | Owned by: | nobody |
|---|---|---|---|
| Component: | Contrib apps | Version: | dev |
| Severity: | | Keywords: | |
| Cc: | | Triage Stage: | Unreviewed |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Hi,
The create_default_site function in the django.contrib.sites.management module hardcodes example.com as the default site. I think this is potentially harmful for users because it can be exploited remotely.

A better hardcoded value would be to use 'localhost' or socket.gethostname as the default domain name. The attached patch implements the latter for resolving the default domain name.
Attachments (1)
Change History (2)
by , 17 years ago
Attachment: | 003_create_default_site.patch added |
---|
comment:1 by , 16 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
Since example.com is explicitly reserved in RFC 2606, it's not open to any kind of effective exploitation.
In future, perhaps you could have researched this rather than calling the developers stupid in the patch. Just a thought.
Uses socket.gethostname to resolve the default domain name
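
As an added illustration (not part of the ticket, the attached patch, or Django), this sketch classifies a candidate site domain against the names reserved by RFC 2606, matching on whole DNS labels so that look-alike names are not treated as reserved. The function names and return labels are hypothetical, and the sample domains are constructed.

```python
import socket

# Names reserved by RFC 2606: four top-level domains and three second-level names.
RESERVED_TLDS = {"test", "example", "invalid", "localhost"}
RESERVED_SLDS = {("example", "com"), ("example", "net"), ("example", "org")}


def is_rfc2606_reserved(domain: str) -> bool:
    """Return True if `domain` is, or sits under, an RFC 2606 reserved name."""
    # Normalise: DNS names are case-insensitive and may end with a root dot.
    labels = domain.strip().lower().rstrip(".").split(".")
    if any(label == "" for label in labels):
        return False  # empty or malformed name, e.g. "" or "a..b"
    if labels[-1] in RESERVED_TLDS:
        return True
    # Compare whole labels, so "notexample.com" does not match "example.com".
    return len(labels) >= 2 and (labels[-2], labels[-1]) in RESERVED_SLDS


def audit_site_domain(domain: str) -> str:
    """Hypothetical pre-deployment check on the value stored as the site domain."""
    if is_rfc2606_reserved(domain):
        return "placeholder"  # reserved name: still the default, not the real site
    if "." not in domain.strip().rstrip("."):
        return "unqualified"  # bare host name, as socket.gethostname() often returns
    return "ok"


if __name__ == "__main__":
    # Constructed samples plus this machine's host name (output varies per host).
    samples = ("example.com", "www.Example.COM.", "notexample.com",
               socket.gethostname())
    for name in samples:
        print(f"{name!r}: {audit_site_domain(name)}")
```
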