I have not used Django in external environments before, just Intranet
applications.
I am wondering how to mask URLs so that object IDs are not shown?
Obviously one would create security on the server to check if a user
has access to view a particular object, but the fact that IDs are
siaplayed in the URL would make the Web service look hackable to a lot
of users.
I am thinking of this type of URL
(r'^portfolio/(\d{2})/$', 'portfolios.views.load_details'),
/portfolio/3/
In template the URL would be {% url portfolios.views.load_details
portfolio.pk %}
Let's say the logged in user has created 2 portfolios, given primary
keys 3 and 5, and has clicked to view details of object with pk 3.
He does not have access to 1,2,4, but would be tempted to look at
these URLs and would be wondering if others will be able to view them
Are there a way to rewrite/mask the URL, perhaps via Apache, or would
one not use such URL mechanisms at all for this type of Web solution?
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-users?hl=.
