On Jun 13, 2012 8:12 PM, "Doug Blank" <[email protected]> wrote:
>
> I, too, was thinking about this kind of solution. In fact, it came up
> for me the other day because I had forgotten to exclude a field that I
> did not have on the form, and so the value ended up getting wiped out
> when I saved. So, perhaps a solution that prevented others from adding
> fields could also be a solution that checked to make sure that the
> form was editing all fields it should be.
>

That suggests an idea to me. Perhaps the best way to check this isn't on
the way out in the template renderer, but rather on the way back in, in the
form validation. If the form doesn't get back exactly those fields it sent
out, then you know that for whatever reason the field was unable to make a
round trip. In a ModelForm with implicit fields, this is the root cause of
this whole security dilemma.

This solution is parsimonious because it's easy to explain: "If a form
didn't get back all the fields it expected then there was probably an error
of omission rendering it. This causes a security hole where an attacker can
modify fields the developer doesn't expect, for further examples see <link
to description of rails debacle>"

It's an easy thing to justify turning on in an opt-out fashion,
Meta.allow_partial_submissions or something.

Best,
Alex Ogier
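The round-trip check described above, as an added plain-Python sketch (not Django code and not part of the original thread): a form remembers the fields it is responsible for and, at validation time, rejects a submission that does not bring all of them back, unless an opt-out flag modelled on the proposed Meta.allow_partial_submissions is set. The Article class, RoundTripForm and the constructed POST data are illustrative stand-ins for a model, a ModelForm and a request, and the attribute names are assumptions.

```python
"""Round-trip field check for a form, as a plain-Python sketch.

A form keeps the list of fields it rendered and refuses a submission that
does not contain every one of them.  This turns "I forgot to render a
field" from a silent overwrite on save into a loud validation error.
Nothing here imports Django; class and attribute names are illustrative.
"""


class Article:
    """Stand-in for a model instance (constructed for the example)."""

    def __init__(self, title, body, is_published):
        self.title = title
        self.body = body
        self.is_published = is_published


class RoundTripForm:
    """Minimal form: declared fields, bound data, round-trip enforcement."""

    # Names of the fields the form is responsible for; for a ModelForm these
    # would be derived implicitly from the model.
    fields = ()
    # Opt-out, analogous to the Meta.allow_partial_submissions idea above.
    allow_partial_submissions = False

    def __init__(self, data, instance=None):
        self.data = dict(data)
        self.instance = instance
        self.errors = {}
        self.cleaned_data = {}

    def missing_fields(self):
        """Fields the form sent out that did not come back in the POST."""
        return sorted(set(self.fields) - set(self.data))

    def is_valid(self):
        self.errors = {}
        missing = self.missing_fields()
        if missing and not self.allow_partial_submissions:
            self.errors["__all__"] = [
                "fields did not round-trip: " + ", ".join(missing)
            ]
            return False
        # Without the check, an absent field quietly becomes an empty value,
        # which is exactly how a saved record ends up wiped.
        self.cleaned_data = {name: self.data.get(name) for name in self.fields}
        return True

    def save(self):
        """Copy cleaned values onto the instance, like ModelForm.save()."""
        for name, value in self.cleaned_data.items():
            setattr(self.instance, name, value)
        return self.instance


class ArticleForm(RoundTripForm):
    # Implicit field list: every model field, including one the template
    # never rendered.
    fields = ("title", "body", "is_published")


class LenientArticleForm(ArticleForm):
    allow_partial_submissions = True


# Constructed POST: the template only rendered title and body.
PARTIAL_POST = {"title": "New title", "body": "New body"}


def strict_submission(post=PARTIAL_POST):
    """Default behaviour: the omission is reported, nothing is saved."""
    article = Article("Old title", "Old body", True)
    form = ArticleForm(post, instance=article)
    ok = form.is_valid()
    return ok, form.errors, article.is_published


def lenient_submission(post=PARTIAL_POST):
    """Opted-out behaviour: the missing field is silently wiped on save."""
    article = Article("Old title", "Old body", True)
    form = LenientArticleForm(post, instance=article)
    ok = form.is_valid()
    if ok:
        form.save()
    return ok, article.is_published


if __name__ == "__main__":
    print(strict_submission())   # (False, {'__all__': [...]}, True)
    print(lenient_submission())  # (True, None)
```

Two practical points for anyone turning this into real form code. First, the check fires on the honest submission that is missing the field, so the developer sees the omission the first time the page is used, rather than on the request of someone who deliberately adds the field, which by construction would pass the check. Second, an unchecked HTML checkbox sends nothing at all, so a real implementation has to let widgets of that kind declare themselves as legitimately absent, or the check will reject perfectly normal submissions.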

-- 
You received this message because you are subscribed to the Google Groups 
"Django developers" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/django-developers?hl=en.
