In the Django tutorial, the URL to display a specific poll is something
like polls/<poll-id>, when the <poll-id> is an incrementing number
1,2,3 ... etc.

This means the user can easily guess a <poll-id> and manually construct
the URL for it. I'd like to make this more difficult by having the
<poll-id> a random string of letters and numbers, something like
polls/r6gt7rj9. This is security by obscurity, of course, so if a user
manages somehow to guess a valid poll-id, we still need to check that
they are authorised to see it.

Questions:
(1) Should I make this the new primary key for the table, or just keep
the old primary key and add this new url-id as an additional (indexed)
field?

(2) Is it appropriate to make the new field a SlugField? It's not
really a slug, of course, since it's derived in a different manner, but
it feels a lot like one. Would Django's special handling of SlugField
mean that this may cause problems later?

Thanks
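
An added example, not part of the original post and not Django's own code: generating an 8-character id like the one above from the OS CSPRNG, retrying on a collision, and still checking authorisation on lookup. `PollStore`, `new_url_id` and the `allowed` set are hypothetical names; the store is an in-memory stand-in for the polls table, and it assumes the random id is kept as an extra unique field beside the incrementing primary key.

```python
import secrets
import string

ALPHABET = string.ascii_lowercase + string.digits  # 36 symbols, as in "r6gt7rj9"
URL_ID_LENGTH = 8  # 36**8 is roughly 2.8e12 possible ids


def new_url_id(length=URL_ID_LENGTH):
    """Draw an id from the OS CSPRNG; the random module would be predictable."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


class PollStore:
    """Hypothetical in-memory stand-in for the polls table (an assumption)."""

    def __init__(self, id_factory=new_url_id):
        self._id_factory = id_factory
        self._by_url_id = {}  # plays the role of a unique index on url_id
        self._next_pk = 1     # the incrementing primary key is kept internally

    def create(self, question, allowed_users, max_tries=5):
        for _ in range(max_tries):
            url_id = self._id_factory()
            if url_id in self._by_url_id:
                continue  # collision with an existing row: draw again
            poll = {"pk": self._next_pk, "url_id": url_id,
                    "question": question, "allowed": set(allowed_users)}
            self._by_url_id[url_id] = poll
            self._next_pk += 1
            return poll
        raise RuntimeError("could not allocate a unique url_id")

    def get_for_user(self, url_id, user):
        poll = self._by_url_id.get(url_id)
        if poll is None:
            raise KeyError(url_id)         # a view would answer 404 here
        if user not in poll["allowed"]:
            raise PermissionError(url_id)  # a guessed id is still refused
        return poll
```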

