Skip to main content

A simple integration of the CTX defense against side-channel attacks for Django projects.

Project description

django-ctx
==============

A simple integration of the CTX defense against side-channel attacks for Django projects.

Requirements
============

- Python 2.5+
- Django 1.9+
- ctx-defense

Installation
============

- Install the latest stable version using ``pip``:

```sh
pip install django-ctx
```

Configuration
=============

- Add ctx to your *INSTALLED_APPS* setting:
```python
INSTALLED_APPS = (
...
'django_ctx',
)
```

- Ctx processes the *context* for template requests, which is implemented using a
*context processor*. Add the ctx processor to your *context_processors* setting:
```python
context_processors = (
...
'django_ctx.context_processors.ctx_protect',
)
```

Basic Usage
===========

- Load the ctx tag library:
```html
{% load ctx_tags %}
```

- Use the *ctx_protect* tag to use ctx on secrets:
```html
{% ctx_protect secret origin alphabet %}
```

*secret* is a string containing the secret that needs to be protected and *origin*
is a string uniquely identifying the CTX origin for the secret. *alphabet* is
an optional argument to define the alphabet that the secret belongs to, default
being 'ASCII' which refers to the [ASCII
printable](https://docs.python.org/2/library/string.html#string.printable) characters.

- Add the *ctx_permutations* tag to include the used permutations for each
origin:
```html
{% ctx_permutations %}
```
The *ctx_permutations* tag needs to be included after all *ctx_protect* tags
that use an origin for the first time. It is proposed that it is included
before the *</body>* HTML tag.

- Include the ctx *client script* in the template:
```html
<script src="ctx.js"></script>
```

Example
=======
```html
<!DOCTYPE html>

<html>

<head>
<meta charset="utf-8">
<title>django-ctx Example</title>
</head>

<body>
{% load ctx_tags %}

This is a very sensitive secret from origin1: {% ctx_protect "my secret" "origin1" %}
This is another very sensitive secret from origin2: {% ctx_protect "my other secret" "origin2" "ASCII_printable" %}

{% ctx_permutations %}
<script src="ctx.js"></script>
</body>

</html>
```


Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distributions

No source distribution files available for this release.See tutorial on generating distribution archives.

Built Distribution

django_ctx-1.0.0-py2.py3-none-any.whl (6.7 kB view hashes)

Uploaded Python 2 Python 3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page