I've been playing around with some ideas and was hoping to get
feedback about what the "right" sort of way to do it would be
(the Django analog to "Pythonic").
Various models have sensitive fields associated with them that
should only be available to a template if the requester is on a
"secure" connection (whether HTTPS or on a private subnet, as
tweaked into the request object by a middleware).
I'm trying to figure out how best to both tag these fields as
redacted, and how to intercept them in the template rendering.
Thus, if you're on a secure connection (as defined above),
person.mothers_maiden_name
returns the value
"Smith"
whereas on a non-secure connection, it would return something like
"[REDACTED]"
or just the empty string.
For tagging fields, since for my purposes most of them are just
CharFields, making a custom RedactedCharField might be feasible,
but I'm stymied by getting the "request" object in order to
behave properly. I've also thought it also might be nice to have
this in the Meta instead, something like this frightening example :)
class Meta:
redacted = set(
'account_number',
'social_security',
'credit_card_number',
'license_number',
'mothers_maiden_name')
For the sake of DRY, I'm not sure where to put the redacting
code. It doesn't go well in a view or template (have to
duplicate the redacting code in every view or make sure every
template filters every possibly-redacted-field through a "redact"
filter that magically gets the request context), and it doesn't
go so well in a model because it requires the "request" object to
determine whether it should be redacted or not. The best place
I've been able to come up with is hacking the template rendering
code, but this still seems a bit ugly.
In a pinch, I can always just use a "redacted" filter in my
templates, but that requires a vigilance best left to declarative
code rather than this forgetful programmer.
The recent work on auto-escaping HTML that just hit trunk sounds
like it might have had some helpful hints in it, but I haven't
gotten to look at that quite yet. Tales from the implementor(s)
could be full of helpful caveats from lessons learned.
I'd appreciate any thoughts on
- how to mark a field as redacted
- where to implement the redaction (and how to get the request
object to it)
- any obvious bits I've missed
Thanks,
-tim
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
