> so it doesn't get us any real improvement in security

James, there is a concept of 'fool proof'. Real hackers may do many things. But the current model allows even 10-year-old kids to be hackers. This is just against them. There is no ability to protect all sites with SSL, and I would not like a neighbor's son to be able to read my email because he got my session id by running simple Ethereal.

> I'm not saying I'm against separating insert and update in the ORM,
> though

Have you ever looked at my code? There are no hacks of the ORM, there is just a different sessions table design where the session id is no longer a primary key but just a unique key. The primary key is a separate field, and this approach allows us to use the existing ORM to do things the correct way, where session collision is impossible at the table level, so impossible by design.

And again: I am not voting against improving of ID generation, I think both of these problems should be solved.
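The table design described in the message above, as an added example that is not part of the original post or Django's own code. It uses sqlite3; `orm_save` is a hypothetical stand-in for an ORM `save()` that updates when the primary key already exists and inserts otherwise, and the table and column names are assumptions.

```python
import sqlite3

def orm_save(db, table, pk_col, row):
    """Hypothetical stand-in for an ORM save(): UPDATE if the primary key
    value already exists, otherwise INSERT. Not Django's actual code."""
    cols = list(row)
    pk = row.get(pk_col)
    if pk is not None:
        exists = db.execute(
            f"SELECT 1 FROM {table} WHERE {pk_col} = ?", (pk,)).fetchone()
        if exists:
            sets = ", ".join(f"{c} = ?" for c in cols)
            db.execute(f"UPDATE {table} SET {sets} WHERE {pk_col} = ?",
                       [row[c] for c in cols] + [pk])
            return "update"
    marks = ", ".join("?" for _ in cols)
    db.execute(f"INSERT INTO {table} ({', '.join(cols)}) VALUES ({marks})",
               [row[c] for c in cols])
    return "insert"

def demo():
    db = sqlite3.connect(":memory:")
    # Design A: the session id itself is the primary key.
    db.execute("CREATE TABLE sess_a (session_key TEXT PRIMARY KEY, data TEXT)")
    # Design B: separate primary key, session id is only a UNIQUE key.
    db.execute("CREATE TABLE sess_b (id INTEGER PRIMARY KEY, "
               "session_key TEXT NOT NULL UNIQUE, data TEXT)")
    key = "constructed-colliding-key"  # constructed: same id generated twice
    # A: the second "new" session silently overwrites the first user's row.
    orm_save(db, "sess_a", "session_key", {"session_key": key, "data": "alice"})
    a_second = orm_save(db, "sess_a", "session_key",
                        {"session_key": key, "data": "bob"})
    a_data = db.execute("SELECT data FROM sess_a").fetchall()
    # B: a new session has no primary key yet, so save() always INSERTs and
    # the UNIQUE constraint rejects the duplicate; the caller can pick a new id.
    orm_save(db, "sess_b", "id", {"session_key": key, "data": "alice"})
    try:
        b_second = orm_save(db, "sess_b", "id",
                            {"session_key": key, "data": "bob"})
    except sqlite3.IntegrityError:
        b_second = "rejected"
    b_data = db.execute("SELECT data FROM sess_b").fetchall()
    return a_second, a_data, b_second, b_data

if __name__ == "__main__":
    print(demo())
```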