web analytics
Skip to main content
Django Python

How to generate a Django password

OK, this is for anyone who needs to manually generate a Django password. I was faced with this problem because I needed to manually insert a new Django user in the database. So, how to take the desired plain text password and to convert it properly so that you can insert it in the “password” field of the auth_user table in the Django database?

To answer this question, I had to take a look at the way Django handles user passwords. Basically, I needed to look at the following Python files from Django repository: utils.py, utils/encoding.py, utils/functional.py.

I’ve grabbed just the functions that I needed and put them together in the following piece of code that you can use.

(more…)

shouldichangemypassword.com

Should I change my password?

shouldichangemypassword.com

This is as  interesting Website where you can enter you email address and see if it has been compromised in a number of public released hacked email databases:

Up to now, the site database has almost 800,000 email records, and the author is constantly adding new data as soon as they get public.

Try with your email and see if it has already been compromised.

And just in case, remember to change your password on a regular basis, and ALWAYS use strong passwords. Also, do not use the same password though different Websites.

WordPress 3.0.4 critical update

WordPress has just announced that it has released a patch to solve a critical security problem in its HTML sanitation library (KSES). Apparently, the bug is really serious, since they have asked all site adminstrators to apply the patch ASAP, even before the holiday.

So, let’s run for the fix and prepare ourselves for a nice New Year’s Eve!

WordPress version 3.0.4 can be downloaded here (the update can also be made directly through WordPress Dashboard).

Problem: Lucene demo Web application does not work

After installing Lucene 3 with Tomcat 6 in Ubuntu Linux, I’ve spent some hours trying to put Lucene’s demo Web application to work. Lucene console demo was working nice, but when I tried to run any query in the demo Web application, it returned this error:

java.lang.NoClassDefFoundError: Could not initialize class org.apache.lucene.store.FSDirector

(Note: The demo Web application home page worked fine. The problem ocurred when I tried to run a query).

This was very strange, because everything seemed to be correct, I had followed all the instructions found in the “Apache Lucene – Building and Installing the Basic Demo” document.

I googled it in many forums, but I found no trace of a decent answer that was fit to my problem.

It seemed that the problem was somehow related to some security configuration, maybe file permissions, because sometimes I also got this message in the log:

java.security.AccessControlException: access denied (java.util.PropertyPermission sun.arch.data.model read)

But even after giving all possible permissions to the Tomcat user in the directory where my Lucene index was, it did not work. I kept receiving the same messages.

Finally, after hours struggling, looking at the tomcat6 initialization script (located in /etc/init.d), I noticed that there was this option:

# Use the Java security manager? (yes/no)
TOMCAT6_SECURITY=yes

Well, why not give a try? Let’s change this to “no”:

TOMCAT6_SECURITY=no

Now let’s test it: restart Tomcat6… Run a query… BINGO! It worked!!!

Why is this? I didn’t have time to investigate, but it seems that it’s a Tomcat 6 security directive that forces applications to adhere to some security scheme. Obviously, that wasn’t the case with Lucene demo Web application.  :)

After making some more googling, I’ve found that this bizarre problem affects a lot of other programs, and sometimes even database connections started from Tomcat do not work when this option is on.

In fact, there’s a whole bunch of forum discussions and applications’ installation pages telling people to disable this directive in order to work. But nobody gives a clue about the reason behind this…

Anyway, at least we have the solution.

GoogleSharing: protect yourself from Google

Google Sharing
Google Sharing

Ever wondered how much information Google holds about your Internet wanderings? Paranoid about being constantly observed by the 21st century Big Brother?

Then take a break and install GoogleSharing, a Firefox extension that anonymizes your Google searches and navigation, preventing the Mountain View company from tracking your whereabouts.

The extension connects to a kind of proxy server that works by creating a series of random identities to be used by you, in such a way that, every time that you request a piece of information from the Internet behemoth, it’s the random identity data that is sent to Google servers, not yours. The random identity sends to Google a request containing a cookie issued by Google itself and a random User-Agent for one of the various popular Internet browsers. Random identities are used through a proxy, that can be installed in any server. So, anyone can install his own proxy to be accessed by other users.

A last thing: the system is completely transparent to the user and doesn’t interfere in web traffic other than Google’s.

Cool, huh? Indeed. Unfortunately, it seems that the service (still) doesn’t work for Google services that require you to be logged in (e.g., Gmail). But, as somebody said, it’s a small step for man, but a giant leap for mankind in the path of protecting privacy.

GoogleSharing was created by computer security researcher Moxie Marlinspike, and can be downloaded here.

Google Sharing