Hi Leonardo,
I was talking about something I want to implement (or looking for a 3rd
party implementation), not a standard Django feature.
Users would define forms in format they input, which in turn will be used
to generate forms displayed in browser for other users.
If I allow users to input Python code they might input anything they like,
for instance they might add in their Python code subprocess.Popen("rm -rf
/*") :D.
This is an obvious security no-no, regardless of language or framework.
joi, 24 ianuarie 2013, 22:19:28 UTC+2, leonardo a scris:
>
> Hi,
>
> I'm new to Django and here.
>
> yaml file is commonly used in Rails framework.
> Django uses simple python file (settings.py).
>
> What security risk? Have you got any example ?
>
>
> 2013/1/24 Adrian Andreias <adi.an...@gmail.com <javascript:>>
>
>> Hello,
>>
>> I need a way to define a django form through a yaml file (or another text
>> format).
>> Is there some code that already does this?
>> I'm trying to not reinvent the wheel.
>>
>> I can't use simple python classes, since this would user input and would
>> be a security risk and I need a simpler and limited format.
>>
>> Thanks
>>
>> --
>> You received this message because you are subscribed to the Google Groups
>> "Django users" group.
>> To view this discussion on the web visit
>> https://groups.google.com/d/msg/django-users/-/bSxNCc8waMUJ.
>> To post to this group, send email to django...@googlegroups.com<javascript:>
>> .
>> To unsubscribe from this group, send email to
>> django-users...@googlegroups.com <javascript:>.
>> For more options, visit this group at
>> http://groups.google.com/group/django-users?hl=en.
>>
>>
>
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To post to this group, send email to django-users@googlegroups.com.
To unsubscribe from this group, send email to
django-users+unsubscr...@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
