If this is a concern, you may want to take a look at Pyro. If this is intended to be an application that runs over a network, you can put the django code on the server and execute it as a remote object. This abstracts the code and prevents access to the full database API.
On Mar 22, 11:14 pm, "Matthew Flanagan" <[EMAIL PROTECTED]> wrote: > On 3/23/07, Kenneth Gonsalves <[EMAIL PROTECTED]> wrote: > > > > > On 23-Mar-07, at 6:22 AM, Mike Stoddart wrote: > > > > For example, I have a web app that defines a number of models. People > > > use the web interface but I also want to write some Python utils that > > > access the same database and data using the same models as standalone > > > applications. > > > as i am very fond of saying - django is nothing but python > > Yes, but Django auth is really only for web apps and can be easily > bypassed in commandline scripts, for example: > > $ python > Python 2.4.4 (#1, Mar 21 2007, 14:34:56) [C] on sunos5 > Type "help", "copyright", "credits" or "license" for more information. > > >>> from myapp.models import SomeThing > >>> for obj in SomeThing.objects.all(): > >>> obj.delete() > > If the full Django api is available on the system then this kind of > thing is difficult to prevent. > > > -- > > > regards > > kg > >http://lawgon.livejournal.com > >http://nrcfosshelpline.in/web/ > > -- > matthewhttp://wadofstuff.blogspot.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
