On June 24, 2019 4:35:45 PM GMT+02:00, Brandon Rosenbloom <brandonrosenbl...@gmail.com> wrote: >I would recommend placing logic in the front end that only shows >the delete option to logged in users who are the original authors of >the post.
That would be good for usability (don't give the user options that she cannot use), but is definitely not good enough in terms of security. Any slightly competent attacker would still be able to delete the post. Rule #0 in security is never to trust the client. I might have misunderstood you though, just thought this was important to point out. Kind regards, Kasper Hi Brandon, -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at https://groups.google.com/group/django-users. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/AAD8D0F6-B92B-417C-BB9A-F9922D90BCD9%40stacktrace.dk. For more options, visit https://groups.google.com/d/optout.