Why is it a problem if the URLs are guessable? In a vacuum, I would
consider that a good thing.
Remco Gerlich
On Wed, Jul 6, 2016 at 4:09 PM, 'davidt' via Django users <
django-users@googlegroups.com> wrote:
> I am looking for advice with regard to the following:
>
> I have a model which has as
Makes sense, thanks for this.
On 6 July 2016 at 21:18, ludovic coues wrote:
> You want a value to identify a specific job, different from the
> job_id, to put in the url.
> I would add a slug field in the model and use that.
>
> The slug could be derived from the job title, maybe concatenated to a
I will read up on this. Many thanks for the advice.
On 7 July 2016 at 01:34, Alex Heyden wrote:
> Primary keys as URL parameters are considered a security vulnerability by
> OWASP (https://www.owasp.org/index.php/Forced_browsing) and may affect
> how your code is viewed after an audit.
>
> Consi
Primary keys as URL parameters are considered a security vulnerability by
OWASP (https://www.owasp.org/index.php/Forced_browsing) and may affect how
your code is viewed after an audit.
Consider instead how sites like Reddit handle this. The URL of a comments
page has a human-readable slug at the e
You want a value to identify a specific job, different from the
job_id, to put in the url.
I would add a slug field in the model and use that.
The slug could be derived from the job title, maybe concatenated to a
UUID for uniqueness, or simply a UUID different from the id.
If you are using views
As far as putting the id in the url, it was a way of distinguishing the job
from others. As I said, a number of listings will be made on the same day
with exactly the same content with regard to the title. My thoughts
therefore were that if the id plus the title were included in the url then
this woul
If not the id, what do you suggest then?
Is this a general rule for you, or do you apply this only for users?
On Wed, Jul 6, 2016 at 6:46 PM, William Caruso
wrote:
> As far as putting the ID into the url, I would suggest not. Even though
> the ID is secure and anonymous, Django's urls allow for m
As far as putting the ID into the url, I would suggest not. Even though the
ID is secure and anonymous, Django's urls allow for much better ways to
determine a user and put them on a page. What is your purpose for using the
ID in the URL?
On Wednesday, July 6, 2016 at 10:09:59 AM UTC-4, davidt
I am looking for advice with regard to the following:
I have a model which has as part of the structure these two fields:
    job_id = models.AutoField(primary_key=True)
    job_reference = ShortUUIDField()
My question is if I include the job_id in the url, which is public facing
then it is ea