Primary keys as URL parameters are considered a security vulnerability by
OWASP (https://www.owasp.org/index.php/Forced_browsing) and may affect how
your code is viewed after an audit.
Consider instead how sites like Reddit handle this. The URL of a comments
page has a human-readable slug at the e
Akhil thank you. I'll bookmark your advice for later. At this point staying
with a functional view might be less work. Next views to be written will
probably be class based
Cheers
Mike
Akhil Lawrence wrote:
>To answer how do I change from function based views to class based views,
>
>
>The s
You want a value to identify a specific job, different from the
job_id, to put in the url.
I would add a slug field in the model and use that.
The slug could be derived from the job title, maybe concatenated to a
UUID for uniqueness or simply a UUID different from the id.
If you are using views
try to add that
## {{ airlines|pprint }}
If it shows `## ''` in the page, airlines is not defined in the template context.
2016-07-06 12:21 GMT+02:00 :
> Hi,
> I have a model and would like to create a dropdown menu from the fields
> generated.
> Unfortunately no dropdown list is shown:
>
>
As far as putting the id in the url, it was a way of distinguishing the job
from others. As I said, a number of listings will be made on the same day
with exactly the same content with regard to the title. My thoughts
therefore were that if the id plus the title were included in the url then
this woul
If not the id, what do you suggest then?
Is this a general rule for you, or do you apply this only for users?
On Wed, Jul 6, 2016 at 6:46 PM, William Caruso
wrote:
> As far as putting the ID into the url, I would suggest not. Even though
> the ID is secure and anonymous, django's urls allow for m
As far as putting the ID into the url, I would suggest not. Even though the
ID is secure and anonymous, django's urls allow for much better ways to
determine a user and put them on a page. What is your purpose for using the
ID in the URL?
On Wednesday, July 6, 2016 at 10:09:59 AM UTC-4, davidt
Looks reasonable to me -- want to submit a pull request? Maybe "self." was
lost in a refactoring. If you can find where that happened, it's always
helpful.
On Wednesday, July 6, 2016 at 10:27:41 AM UTC-4, Alexander Scherbatey wrote:
>
> Hello,
>
> I need to create my own modified backend based o
Hello,
I need to create my own modified backend based on postgresql database
backend, which uses my wrapper for psycopg2 driver.
I tried to simply subclass django.db.backends.postgresql.DatabaseWrapper
and redefine DatabaseWrapper.Database class member, but faced the fact that
inside the class t
Hi,
I have a model and would like to create a dropdown menu from the fields
generated.
Unfortunately no dropdown list is shown:
{% for airline in alirlines %}
{{
airline.airline }}
{% endfor %}
this is the model:
I have written tests for my Users model, but when I run "python manage.py
test" it throws me an error. Please help.
I am also uploading the error file for review.
--
You received this message because you are subscribed to the Google Groups
"Django users" group.
To unsubscribe from this group a
I have two generic class based views, CreateView and UpdateView.
I have products and companies, where a company can have multiple products.
A user has a company.
When a product is added I need to send also the corresponding foreign key
and when I edit/update I need to be sure that the prod
I am looking for advice with regard to the following:
I have a model which has as part of the structure these two fields
job_id = models.AutoField(primary_key=True,)
job_reference = job_id = ShortUUIDField()
My question is if I include the job_id in the url, which is public facing
then it is ea
I ended up fixing it. Turned out one of the dirs in the path was not
readable. That is, the django app was in /foo/bar/baz and although
/foo and /foo/bar/baz were readable, /foo/bar was not. Once I chmod-ed
that all was well.
On Tue, Jul 5, 2016 at 7:13 PM, Josh Crompton wrote:
> Rather than makin
Hi folks,
I would like to announce a new release of django-firebird with support for
django 1.8
More info at https://github.com/maxirobaina/django-firebird
Greetings