Writing your first Django app, part 4
https://docs.djangoproject.com/en/3.0/intro/tutorial04/
Github Tag: https://github.com/studroid/writing-your-fisrt-django-app/commits/Part-4-Finished
How the CSRF token works - needs further write-up
https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#token-based-mitigation
Limits of the token approach? - when the token is exposed:
https://www.researchgate.net/publication/290470465_Enhanced_CSRF_Defense_Using_a_Secret_Value_Between_Server_and_User
An easy explanation
https://itstory.tk/entry/CSRF-%EA%B3%B5%EA%B2%A9%EC%9D%B4%EB%9E%80-%EA%B7%B8%EB%A6%AC%EA%B3%A0-CSRF-%EB%B0%A9%EC%96%B4-%EB%B0%A9%EB%B2%95
The core of a CSRF attack: A CSRF attack simply takes advantage of the fact that the browser sends the Cookie to the web application automatically with each and every request.
-> Browsers send all relevant cookies to the destination web site.
https://medium.com/@charithra/introduction-to-csrf-a329badfca49
The CSRF token is stored in a cookie, and because the browser only allows same-origin access to cookies unless it has been configured otherwise, Django's CSRF token scheme is possible.
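The check described above, as an added example that is not part of the original notes or Django's own code: a simplified double-submit comparison between the CSRF cookie and the form field. The function names and the scenario are assumptions, and details of Django's real middleware such as token masking are omitted.

```python
import hmac
import secrets

CSRF_COOKIE = "csrftoken"           # Django's default CSRF cookie name
FORM_FIELD = "csrfmiddlewaretoken"  # hidden field rendered by {% csrf_token %}
SAFE_METHODS = ("GET", "HEAD", "OPTIONS", "TRACE")


def issue_secret() -> str:
    """Server side: random per-browser secret, delivered in a cookie."""
    return secrets.token_urlsafe(32)


def is_request_allowed(method: str, cookies: dict, form: dict) -> bool:
    """Accept a state-changing request only if form token == cookie value."""
    if method in SAFE_METHODS:
        return True  # safe methods are not supposed to change state
    cookie_value = cookies.get(CSRF_COOKIE, "")
    form_value = form.get(FORM_FIELD, "")
    if not cookie_value or not form_value:
        return False
    # Constant-time comparison, so timing does not leak the secret.
    return hmac.compare_digest(cookie_value.encode(), form_value.encode())


def simulate() -> dict:
    """Constructed scenario: one browser, one real form, two forged forms."""
    secret = issue_secret()
    # The browser attaches these cookies to every request for the site,
    # whichever page triggered the request.
    cookies = {CSRF_COOKIE: secret, "sessionid": "constructed-session-id"}
    # The site's own page can embed the secret in its form.
    own_form = {FORM_FIELD: secret, "choice": "1"}
    # A page on another origin cannot read the cookie, so its form either
    # lacks the field or carries a value that does not match.
    foreign_no_token = {"choice": "1"}
    foreign_guess = {FORM_FIELD: secrets.token_urlsafe(32), "choice": "1"}
    return {
        "own_form": is_request_allowed("POST", cookies, own_form),
        "foreign_no_token": is_request_allowed("POST", cookies, foreign_no_token),
        "foreign_guess": is_request_allowed("POST", cookies, foreign_guess),
        "get_without_token": is_request_allowed("GET", cookies, {}),
    }


if __name__ == "__main__":
    for case, allowed in simulate().items():
        print(f"{case}: {'accepted' if allowed else 'rejected (403)'}")
```

The session cookie is present in all three POST cases; only the form that carries the matching token is accepted, which is why the scheme fails once the token value is exposed to another origin.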
Inside a for loop in the Django Template Language:
{{ forloop.counter }} index starts at 1.
{{ forloop.counter0 }} index starts at 0.
request.POST['choice'] will raise KeyError if choice wasn’t provided in POST data. The above code checks for KeyError and redisplays the question form with an error message if choice isn’t given.
An explanation of functions that generate a URL from a name, such as reverse() and resolve_url():
https://wayhome25.github.io/django/2017/05/05/django-url-reverse/
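How to avoid a race condition (the case where two threads access a shared resource and, because each update is based on the original value, one thread's work is discarded): use an F object -> the update is handled directly in SQL instead of being done in Python memory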
https://docs.djangoproject.com/en/3.0/ref/models/expressions/#avoiding-race-conditions-using-f
The explanation of class-based views (generic views) below is important!
We’re using two generic views here: ListView and DetailView. Respectively, those two views abstract the concepts of “display a list of objects” and “display a detail page for a particular type of object.”
Each generic view needs to know what model it will be acting upon. This is provided using the model attribute.
The DetailView generic view expects the primary key value captured from the URL to be called "pk", so we’ve changed question_id to pk for the generic views.
By default, the DetailView generic view uses a template called <app name>/<model name>_detail.html. In our case, it would use the template "polls/question_detail.html". The template_name attribute is used to tell Django to use a specific template name instead of the autogenerated default template name. We also specify the template_name for the results list view – this ensures that the results view and the detail view have a different appearance when rendered, even though they’re both a DetailView behind the scenes.
Similarly, the ListView generic view uses a default template called <app name>/<model name>_list.html; we use template_name to tell ListView to use our existing "polls/index.html" template.
Further study on class-based views:
https://docs.djangoproject.com/en/3.0/topics/class-based-views/