> On Tue, Jun 19, 2012 at 8:42 PM, Honza Král <[email protected]> wrote:
>> I believe exclude is way more useful than fields (I do see the
>> security advantage but in my mind this is the case where convenience
>> beats security, also still afraid of the fields = [f.name for f in
>> ...]).
>
> Personally, I don't think convenience EVER beats security in a
> framework like Django (if at all). This is the common "Oh but that
> will never happen to me!" syndrome. Sane defaults that can be
> overridden are going to always be better.
TL;DR: Convenience beats security when it would otherwise result in people circumventing the security altogether (== using fields = [f.name for f in MyModel._meta.fields]).

I do agree that security is important and a framework worth its name should do everything it can to help people develop secure apps. However, I believe (from talking to people around me and looking at my own code) that if we force people to use fields and nothing else, the majority of people will do [f.name for f in MyModel._meta.fields], which is both terrible and insecure, thus completely negating the desired effect (worst of both worlds - insecure and ugly/hard to use).

If we instead just force users to specify one of fields or exclude (even if just saying exclude = ()), we accomplish our goal - the goal is not to make the app secure no matter what the developer thinks, it's forcing the user to think about the implications of their choices and pointing them to the right place. (If you don't supply exclude or fields you get an error with a link to the docs.)

For me, requiring fields falls on the same level as requiring a super strong password (one lowercase, one uppercase, a digit and a special character) and requiring users to change them weekly while not repeating the last 10 passwords. In theory that's very good security (I know it's not perfect and that http://xkcd.com/936/ is valid; I have seen this requirement quite often though), but if you just force it on people without the necessary education etc., it will just result in the majority of people writing their password down on the other side of their keyboard (I have seen this personally way too many times).

We cannot force this on users, we must make them aware and educate them - I cannot stress this enough that I don't believe we can strong-arm people into doing security right, we need to make them aware of the possible problem and provide them with good tools to help them deal with it.
-- You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/django-developers?hl=en.
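The mass-assignment problem the thread is arguing about, as an added, Django-free illustration (this is not Django's ModelForm code and not anything posted in the thread). `Field`, `USER_FIELDS`, `resolve_bound_fields`, `bind_form` and `FormConfigError` are all constructed here to model three configurations: an explicit `fields` allowlist, the `[f.name for f in Model._meta.fields]` anti-pattern, and the proposed rule that a form declaring neither `fields` nor `exclude` is a configuration error. The POST data is a constructed attacker request that smuggles privilege flags into a signup form.

```python
"""Django-free model of ModelForm field binding and the mass-assignment risk.

Added example; Field, USER_FIELDS, bind_form and FormConfigError are
constructed for illustration and are not Django APIs.
"""

from dataclasses import dataclass


class FormConfigError(Exception):
    """Raised when a form declares neither `fields` nor `exclude`."""


@dataclass(frozen=True)
class Field:
    name: str


# Constructed sample model: privilege flags that ordinary users must never set.
USER_FIELDS = [Field("username"), Field("email"),
               Field("is_staff"), Field("is_superuser")]

# Constructed attacker request: a signup POST that also carries privilege flags.
ATTACK_POST = {"username": "mallory", "email": "mallory@example.com",
               "is_staff": "on", "is_superuser": "on"}


def all_field_names(model_fields):
    """The anti-pattern from the thread: fields = [f.name for f in Model._meta.fields]."""
    return [f.name for f in model_fields]


def resolve_bound_fields(model_fields, fields=None, exclude=None):
    """Return the model field names a form may write.

    Implements the policy argued for in the thread: the developer must pass
    `fields` or `exclude` (even `exclude=()`), otherwise configuration fails.
    """
    if fields is None and exclude is None:
        raise FormConfigError(
            "specify fields or exclude on the form (see the ModelForm docs)")
    names = [f.name for f in model_fields]
    if fields is not None:
        unknown = set(fields) - set(names)
        if unknown:
            raise FormConfigError(f"unknown fields: {sorted(unknown)}")
        names = [n for n in names if n in fields]
    if exclude is not None:
        names = [n for n in names if n not in exclude]
    return names


def bind_form(model_fields, post_data, fields=None, exclude=None):
    """Copy only the bound fields out of untrusted POST data; everything else is dropped."""
    allowed = resolve_bound_fields(model_fields, fields, exclude)
    return {k: v for k, v in post_data.items() if k in allowed}


def missing_config_raises():
    """True if binding with neither fields nor exclude is rejected."""
    try:
        bind_form(USER_FIELDS, ATTACK_POST)
    except FormConfigError:
        return True
    return False


def demo():
    # 1. Explicit allowlist: the smuggled privilege flags are discarded.
    safe = bind_form(USER_FIELDS, ATTACK_POST, fields=["username", "email"])
    # 2. The anti-pattern: every model field is writable, flags go straight through.
    unsafe = bind_form(USER_FIELDS, ATTACK_POST, fields=all_field_names(USER_FIELDS))
    # 3. exclude=() is accepted and binds everything too; the difference is that
    #    the developer had to write it down, which is the point made in the thread.
    explicit_all = bind_form(USER_FIELDS, ATTACK_POST, exclude=())
    return safe, unsafe, explicit_all


if __name__ == "__main__":
    for label, bound in zip(("allowlist", "anti-pattern", "exclude=()"), demo()):
        print(f"{label:13} -> {bound}")
    print("neither given -> rejected:", missing_config_raises())
```

Running it shows the allowlist form saving only `username` and `email`, while both the `_meta.fields` comprehension and `exclude=()` hand the attacker `is_staff` and `is_superuser`; the final line shows the proposed error for a form that declares neither option.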
