Simon Charette 384ac0990f Refs #32061 -- Prevented password leak on MySQL dbshell crash.
The usage of the --password flag when invoking the mysql CLI has the
potential of exposing the password in plain text if the command happens
to crash due to the inclusion of args provided to
subprocess.run(check=True) in the string representation of the
subprocess.CalledProcessError exception raised on non-zero return code.

Since this has the potential of leaking the password to logging
facilities configured to capture crashes (e.g. sys.excepthook, Sentry)
it's safer to rely on the MYSQL_PWD environment variable instead even
if its usage is discouraged due to potential leak through the ps
command on old flavors of Unix.

Thanks Charlie Denton for reporting the issue to the security team.

Refs #24999.
2020-10-30 10:12:52 +01:00
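
The leak described in the commit message above, reproduced as an added example (not code from the Django repository). The helper names, the sample settings and the stand-in client that always exits with status 1 are assumptions made for illustration; no MySQL installation is needed.

```python
import os
import subprocess
import sys

# Constructed settings; the password is a sample value, not a real credential.
SETTINGS = {"USER": "app", "PASSWORD": "s3cr3t-sample", "NAME": "appdb"}

# Hypothetical stand-in for a crashing mysql client: ignores its arguments, exits 1.
FAKE_CLIENT = [sys.executable, "-c", "import sys; sys.exit(1)"]


def args_with_password_flag(settings):
    """Password on the command line (the pattern the commit moves away from)."""
    args = FAKE_CLIENT + ["--user=%s" % settings["USER"]]
    if settings.get("PASSWORD"):
        args.append("--password=%s" % settings["PASSWORD"])
    args.append(settings["NAME"])
    return args, None


def args_with_env_password(settings):
    """Password in MYSQL_PWD (the pattern the commit relies on instead)."""
    args = FAKE_CLIENT + ["--user=%s" % settings["USER"], settings["NAME"]]
    env = {"MYSQL_PWD": settings["PASSWORD"]} if settings.get("PASSWORD") else None
    return args, env


def crash_report(build):
    """Run the client and return the text a crash logger would record."""
    args, env = build(SETTINGS)
    if env is not None:
        env = {**os.environ, **env}  # child inherits the parent environment
    try:
        subprocess.run(args, env=env, check=True)
    except subprocess.CalledProcessError as exc:
        return str(exc)  # includes exc.cmd, i.e. every argument passed
    return ""


if __name__ == "__main__":
    for build in (args_with_password_flag, args_with_env_password):
        print(build.__name__, "->", crash_report(build))
```
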
.github Enabled GitHub security policy. 2020-05-07 17:25:46 +02:00
.tx
django Refs #32061 -- Prevented password leak on MySQL dbshell crash. 2020-10-30 10:12:52 +01:00
docs Refs #32061 -- Unified DatabaseClient.runshell() in db backends. 2020-10-29 22:22:58 +01:00
extras Fixed #23433 -- Deprecated django-admin.py entry point in favor of django-admin. 2019-12-06 12:11:44 +01:00
js_tests Fixed #32062 -- Added %b support to Date.strftime. 2020-10-28 11:11:37 +01:00
scripts Refs #30116 -- Simplified stdout/stderr decoding with subprocess.run()'s encoding argument. 2019-11-04 11:21:25 +01:00
tests Refs #32061 -- Prevented password leak on MySQL dbshell crash. 2020-10-30 10:12:52 +01:00
.editorconfig Refs #29784 -- Switched to https:// links where available. 2018-09-26 08:48:47 +02:00
.eslintignore
.eslintrc Enabled ESLint's "eqeqeq" rule. 2020-05-18 07:42:51 +02:00
.gitattributes
.gitignore
AUTHORS Fixed #26390 -- Disabled grouping by Random(). 2020-10-21 20:54:53 +02:00
CONTRIBUTING.rst
Gruntfile.js Fixed qunit tests (coverage still missing). (#7716) 2016-12-19 18:45:37 +01:00
INSTALL Refs #30948 -- Updated install instructions to use pip instead of setup.py. 2019-11-08 13:26:35 +01:00
LICENSE
LICENSE.python Updated Python license for 2020. 2020-02-04 11:58:12 +01:00
MANIFEST.in Fixed #31524 -- Removed minified static assets from the admin. 2020-05-14 16:07:56 +02:00
README.rst Linked to DSF fundraising page from README. 2020-08-05 13:47:26 +02:00
package.json Removed bundled QUnit in favor of npm package. 2020-03-17 15:43:59 +01:00
setup.cfg Refs #31040 -- Doc'd Python 3.9 compatibility. 2020-10-13 08:35:01 +02:00
setup.py Fixed #30948 -- Changed packaging to use declarative config in setup.cfg. 2019-11-08 14:14:13 +01:00
tox.ini Refs #31670 -- Used allowlist_externals in tox.ini. 2020-10-26 09:09:59 +01:00

README.rst

======
Django
======

Django is a high-level Python Web framework that encourages rapid development
and clean, pragmatic design. Thanks for checking it out.

All documentation is in the "``docs``" directory and online at
https://docs.djangoproject.com/en/stable/. If you're just getting started,
here's how we recommend you read the docs:

* First, read ``docs/intro/install.txt`` for instructions on installing Django.

* Next, work through the tutorials in order (``docs/intro/tutorial01.txt``,
  ``docs/intro/tutorial02.txt``, etc.).

* If you want to set up an actual deployment server, read
  ``docs/howto/deployment/index.txt`` for instructions.

* You'll probably want to read through the topical guides (in ``docs/topics``)
  next; from there you can jump to the HOWTOs (in ``docs/howto``) for specific
  problems, and check out the reference (``docs/ref``) for gory details.

* See ``docs/README`` for instructions on building an HTML version of the docs.

Docs are updated rigorously. If you find any problems in the docs, or think
they should be clarified in any way, please take 30 seconds to fill out a
ticket here: https://code.djangoproject.com/newticket

To get more help:

* Join the ``#django`` channel on irc.freenode.net. Lots of helpful people hang
  out there. See https://freenode.net/kb/answer/chat if you're new to IRC.

* Join the django-users mailing list, or read the archives, at
  https://groups.google.com/group/django-users.

To contribute to Django:

* Check out https://docs.djangoproject.com/en/dev/internals/contributing/ for
  information about getting involved.

To run Django's test suite:

* Follow the instructions in the "Unit tests" section of
  ``docs/internals/contributing/writing-code/unit-tests.txt``, published online at
  https://docs.djangoproject.com/en/dev/internals/contributing/writing-code/unit-tests/#running-the-unit-tests

Supporting the Development of Django
====================================

Django's development depends on your contributions. 

If you depend on Django, remember to support the Django Software Foundation: https://www.djangoproject.com/fundraising/