The Django Web framework got a major update this week with the release of Django 1.2 on Monday. This release brings some security improvements, better email handling, performance improvements, and better localization support.
Django is a Python-based framework for rapid Web development. The 1.2 release has been in progress for about a year, with the project following a release cycle of approximately nine months for major releases. At least that's the plan.
The new release adds the ability to use more than one database, introduces a message framework to store and display messages to clients, and expands the range of characters that can be used for usernames. If you need or want to use @, +, -, or . in a username, now's your chance. This might be an important feature for migrating old applications to Django.
One of the more interesting features in this release is better protection against Cross-Site Request Forgery (CSRF) attacks. In a CSRF attack, a malicious site contains content that makes the visitor's browser send a request to a trusted site, attempting to perform an action on behalf of a logged-in user. For example, an attacker might try to trigger an action on a Django site that you're logged into. Developers can now add CSRF protection to templates and forms.
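How that kind of protection works in outline, as an added example that is not from the article and is not Django's own code: a simplified standard-library model of the check, in which a POST is accepted only when a hidden form field matches the token in the visitor's cookie. The cookie name `csrftoken` and the field name `csrfmiddlewaretoken` are Django's; the function names and sample requests are constructed for illustration.

```python
import hmac
import secrets

COOKIE_NAME = "csrftoken"            # cookie set by Django's CSRF middleware
FIELD_NAME = "csrfmiddlewaretoken"   # hidden field rendered by {% csrf_token %}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def issue_token():
    """Random per-visitor secret, stored in the visitor's cookie (model only)."""
    return secrets.token_hex(16)


def render_form(cookies):
    """Render a form that embeds the visitor's token as a hidden field."""
    token = cookies[COOKIE_NAME]
    return ('<form method="post" action="/transfer/">'
            f'<input type="hidden" name="{FIELD_NAME}" value="{token}">'
            '<input name="amount"><input type="submit"></form>')


def check_request(method, cookies, form):
    """Return (status, reason) as a CSRF check in front of a view would."""
    if method in SAFE_METHODS:
        return 200, "safe method, no check"
    cookie_token = cookies.get(COOKIE_NAME)
    if not cookie_token:
        return 403, "no CSRF cookie"
    form_token = form.get(FIELD_NAME, "")
    # Constant-time comparison so the check does not leak the token by timing.
    if not hmac.compare_digest(cookie_token.encode(), form_token.encode()):
        return 403, "CSRF token missing or incorrect"
    return 200, "token matches"


# Constructed sample requests (not captured traffic).
cookies = {"sessionid": "constructed-session", COOKIE_NAME: issue_token()}
# 1. The site's own form: the page embedded the token, so the field matches.
own_form = {"amount": "10", FIELD_NAME: cookies[COOKIE_NAME]}
# 2. A request triggered from another site: the browser attaches the cookies,
#    but the other site cannot read them, so the field is absent.
cross_site_form = {"amount": "10"}
# 3. The same request with a made-up token value.
guessed_form = {"amount": "10", FIELD_NAME: "0" * 32}

if __name__ == "__main__":
    for name, form in [("own form", own_form), ("cross-site", cross_site_form),
                       ("guessed token", guessed_form)]:
        print(name, check_request("POST", cookies, form))
```

The session cookie alone is never enough here: the second and third requests carry it and are still rejected with 403.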
In all, 1.2 includes quite a few improvements and should be really interesting for anyone already working with Django or thinking about getting started with it. Want a deeper dive into Django 1.2 goodness? Aside from the very complete release notes (other projects should be paying attention), there's the Django Advent site that has several pieces looking at the improvements in 1.2 and how to use them. Learn how to use the new email features, or better syndication features, or get the full scoop on Django 1.2's CSRF protection.