On 23 Mar 04:38, Bastien wrote: > Sorry maybe my post was not very clear, I am talking about public content > here, that should be accessed by anyone, even anonymous users not logged in. > For instance if we talk about photos, publicly available, the url would > look something like /photos/1, /photos/2 .... 1 and 2 being the pk of the > object in the db. If someone wants to download or link to these photos in a > totally uncontrollable way (without using an API), with that system we are > making it very easy to do mass content leakage. I don't want to promote > security by obscurity here, just want to know what people in the group > think about it and what solutions can be implemented, or if it is relevant > at all.
Are there links on the site to those bits of content, anyways? If so, then this is entirely irrelevant, as they're already entirely spidarable, and there's plenty of software out there that will parse web pages and download all content, and follow links, etc. Cheers, -- Brett Parker -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
