Django Round-Up #15

Featured

Django Security Releases Issued

1.5.2, 1.4.6, and 1.6 beta 2 were released to address two cross-site scripting (XSS) bugs found in Django. The release notes state that, "While these issues present limited risk and may not affect all Django users, we encourage all users to evaluate their own risk and upgrade when possible." Unrelated, Django also issued a security advisory addressing the BREACH attack. Although not limited to Django, it's nice to know the core team is looking out for you.

DjangoCon US Talk Schedule

The long-awaited announcement of the DjangoCon speakers is finally upon us. Looks like there's some great talks lined up for next month's conference in Chicago and a couple of us from Lincoln Loop even managed to sneak talks in ( 1 , 2 ).

Routing and Prepping

Andrew Godwin's latest on his Kickstarter-funded effort to roll database migrations into Django core. He's putting the finishing touches on it and has a pull request open and close to being merge-ready. Look for the new migrate command to be a part of Django 1.7.

Links of Interest

Two New Django Round-up Podcasts

Brandon Konkle and Kenneth Love are on a role with the new podcast. In the last couple weeks they've hosted Tom Christie (Django REST Framework) and Daniel Lindsley (Haystack and Tastypie) as guests on the show.

Combining RFID, NFC and QRCodes with a django-oscar Online Shop

Here's a fun one. This post explores how to build a Django-based shop that you can drive traffic to via QR Codes or NFC in a virtual poster store ( watch this video if you aren't familiar).

Migrating to a Custom User Model in Django

An excellent post by Tobias McNulty of Caktus Group on how to migrate a legacy project to Django 1.5's custom user model. It goes through potential pitfalls to consider (do your 3rd party apps support it?) and details the exact steps necessary to move the data over.

Django 1.6's Best New Features and Important Changes

I usually don't link to slide decks, but this set from core developer, Julien Phalip, is great. Get ready for the imminent release of 1.6 by boning up on some of the new features you'll find under the hood.

Monkies for Ponies: CSRF, Django, Require (and Backbone/Marionette)

Django's baked-in CSRF tokens are great for securing your site, but often become a stumbling block when you are looking to post data outside of a traditional web form. This post details how to patch both Backbone.js' sync method and jQuery's ajax plumbing using Require.js, allowing you to globally take advantage of Django's CSRF protection.

Backbone.js with Django 1.5

Another Backbone/Django post. This one not only covers CSRF protection, but also setting up client-side templates, API frameworks, and some ideas on how to take it a step further to make it "real-time".

How I Used Dropbox to Store my Website Content

A clever setup that allows the author, Abhinay Omkar, to push new content to his site over Dropbox. By saving images or Markdown files to a specific Dropbox folder, they will be picked up by his server and immediately visible on his public site.

Django Hello World Web Application on Windows Azure

How to setup an Ubuntu server then build and host a basic "Hello World" Django application on the Windows Azure hosting platform.

Testing in Django

This post is loaded with best practices and examples of how to test your Django applications. It hits everything from unit tests to Selenium to coverage.

How to Take on a Large Django Project

The time will come in every professional developers career where it is time to take over somebody else's legacy code. In this post, you'll get some tips on how to get started and how to assess the health of the code you're taking over.

Respond to Email in Real-time with Django

There are lots of services out there that will parse email and send them to your app, but what if you want to roll your own? Here's a simple way to bounce emails from a Postfix mailserver into your Django app.

New & Updated Packages

• django-filter An application for allowing users to filter querysets dynamically.
• djangothis Serve static files and Django templates in current folder, for prototyping.
• django-sites A simple alternative to django.contrib.sites .
• django-debreach Middleware that implements a couple techniques to help protect against BREACH attacks.

Django Jobs

• Web Generalist at Lincoln Loop (yep, we're hiring!)
• Django+Python Guru at Intuit
• Front End Web Developer at Discovery Communications
• Senior Software Engineer at Eventbrite