About Escaping Passwords in HTTP Basic Authentication URLs
When using HTTP Basic Authentication URLs, don't forget to escape the passwords, because they might include characters such as /@:#?&=+ which could break the URL parsing or leave an opening for attackers to exploit:
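```python
from urllib.parse import quote

# Percent-encode every reserved character; safe="" also encodes "/".
# quote_plus() would turn a space into "+", which is not decoded back
# to a space in the user:password part of a URL.
# USER, PASSWORD and DOMAIN are defined elsewhere in the settings.
encoded_password = quote(PASSWORD, safe="")

ELASTICSEARCH_DSL = {
    "default": {
        "hosts": f"https://{USER}:{encoded_password}@{DOMAIN}",
    }
}
```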
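What goes wrong without escaping, shown as an added example that is not part of the original post: a raw password containing @, / or # changes which host the URL points to. The sample credentials, the host name and the helper functions are constructed for illustration; the example assumes urllib.parse.quote with safe="" for encoding and uses urlsplit to stand in for the client's URL parser.

```python
from urllib.parse import quote, unquote, urlsplit


def build_url(user, password, domain, escape=True):
    """Build a Basic Auth URL; escape=False interpolates the raw values."""
    if escape:
        user, password = quote(user, safe=""), quote(password, safe="")
    return f"https://{user}:{password}@{domain}"


def parsed_target(url):
    """Return (hostname, decoded password) as a URL parser sees them."""
    parts = urlsplit(url)
    password = unquote(parts.password) if parts.password is not None else None
    return parts.hostname, password


def verified_url(user, password, domain):
    """Build the escaped URL and fail closed if it does not parse back
    to the intended host and credentials (domain: bare host name)."""
    url = build_url(user, password, domain)
    parts = urlsplit(url)
    if (parts.hostname != domain.lower()
            or unquote(parts.username or "") != user
            or unquote(parts.password or "") != password):
        raise ValueError("credentials changed the URL structure")
    return url


if __name__ == "__main__":
    user, domain = "elastic", "search.example.com"  # constructed samples
    password = "p@ss/w#rd"                          # constructed sample

    # Raw: the first "/" ends the authority, so the host becomes "ss"
    # and only "p" is treated as the password.
    print(parsed_target(build_url(user, password, domain, escape=False)))

    # Escaped: host and password survive the round trip.
    print(parsed_target(build_url(user, password, domain)))
    print(verified_url(user, password, domain))
```
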