On Fri, Apr 11, 2008 at 6:28 PM, ydjango <[EMAIL PROTECTED]> wrote: > currently I am using constructing url as /house/edit/123/ > where 123 is house data base primary key for that house. > > Can exposing the primary key in url be any security issue? > > (r'^house/edit/(\d+)/$',editHouse) > > Is there alternative way without exposing the primary key in url?
There is no security issue unless you care about people knowing how many houses are in your system. However, if you're looking for an alternative, and if you have access to an MLS[1] or similar database, the listing number will be unique within a given MLS database. This makes for a useful identifier, particularly if your users are realtors or work in the real-estate industry since they'll already be familiar with the system and telling them to just visit "/house/<MLS number>/" is easy ;) [1] http://en.wikipedia.org/wiki/Multiple_Listing_Service -- "Bureaucrat Conrad, you are technically correct -- the best kind of correct." --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-users?hl=en -~----------~----~----~----~------~----~------~--~---
