Why cant you do something like this to avoid exposing data if people are
guessing primary keys....
if request.user == Users.objects.get(id=pk-url):
Show data
Else:
raise 404 or redirect to home page
The above requires a logged in a user but you get the idea of not allowing
people to start guessing to expose data.
Wes
On 10 May 2011 22:09, "Sean Brant" <brant.s...@gmail.com> wrote:
>
>
>
>
> On May 10, 2011, at 4:02 PM, "Cal Leeming [Simplicity Media Ltd]"<
cal.leem...@simplicitymedialtd.co.uk> wrote:
>
>> Sean, are you suggesting that the OP rely on base36 encoding for
security? Please tell me you are joking.
>
> No not at all, I thought he stated this does not have to be secure.
>
> If it does, then yeah my code is a bad idea. If security is a issue this
should be behind a password.
>
>> On 10/05/2011 15:32, Sean Brant wrote:
>>> Sorry I think I only responded to the original poster.
>>>
>>> >>> from django.utils.http import int_to_base36, base36_to_int
>>> >>> int_to_base36(123)
>>> '3f'
>>> >>> base36_to_int('3f')
>>> 123
>>>
>>> Sean
>>>
>>
>
> --
> You received this message because you are subscribed to the Google Groups
"Django users" group.
> To post to this group, send email to django-users@googlegroups.com.
> To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en.
