Hi All,

I'm working on an invoice system, currently deployed the single user version in house. Next one is gonna be a full blown multi user setup. Having fairly good knowledge of security, I was wondering what would be best practice in Django for data separation. So user A only sees his customer data and not the data from user B.

Some side notes:

- Since there's a good auth system in Django I would like to take full advantage of that.
- User session info will be used so all app users see the same URL. Thus not http://example.com/userid/customers but http://example.com/customers
- Fixating security on record level seems error prone, coding wise.
- Fixating on database seems badly manageable in the long run, since there will be a lot of users, but not an incredible amount of data per user.

Does anybody have some pointers to reading material on setups like this? (Already digested the Django docs, but the question is more from a concept point of view.)

One more: Eventually users get a control panel for their account settings. Is it good practice to define this in, or based on, the admin interface? Or should I build it myself, so it stays in line with the rest of the website's layout?

Thanx a lot!

Kind regards,

Gerard.

--
self.url = www.gerardjp.com