Url checks - Django


-1

When learning to develop applications using Django it is common to get the following URL:

localhost:8000/minhaentidade/deletar/id

However, a malicious user may change this id and end up deleting another entity. Knowing this, how can I check if my URL parameters have been changed? Does Django already have any tool to deal with the situation? Or is there some better approach to dealing with the situation?

1 answer

0

The most correct approach to deal with the situation is to check if the user is allowed to delete the object before doing so. For this, you need an authentication system and access control. Django itself provides ready-made mechanisms for this, but there are also several other third-party apps that implement more complex mechanisms. The keywords you should search for, associated with Django, are: Authentication backend, Permissions, Object Permissions.

Your concern with this access control is a sign that you have the right concerns. But controlling the URLs is not a good idea. Remember that the user can always enter the URLs manually, without having received them from your application.

In web programming you need to consider that the user always has full control of the requests made to your application and is not limited by what is displayed to him.
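The pattern the answer describes, as an added example that is not part of the original post or of Django itself: a delete handler that treats the id in the URL as untrusted input and decides on the server whether the requesting user may delete that object. It is framework-independent Python so that it runs without Django; the `User`, `Entity` classes and the in-memory store are constructed stand-ins for Django's auth user and a model, and the `has_perm` method and the `"app.delete_entity"` string are modelled on Django's permission naming, which is an assumption about how it would map onto a real project.

```python
"""Server-side authorization for a delete endpoint (added example)."""
from dataclasses import dataclass, field


@dataclass
class User:
    """Constructed stand-in for Django's auth user."""
    username: str
    is_authenticated: bool = True
    permissions: set = field(default_factory=set)

    def has_perm(self, perm: str) -> bool:
        # Model-level permission check, modelled on User.has_perm("app.delete_entity").
        return perm in self.permissions


ANONYMOUS = User("anonymous", is_authenticated=False)


@dataclass
class Entity:
    """Constructed stand-in for the 'minhaentidade' model."""
    id: int
    owner: str   # username of the user who created it (object-level ownership)
    name: str


def make_store():
    """Fresh in-memory 'table' standing in for MinhaEntidade.objects."""
    return {
        1: Entity(1, "alice", "alice's record"),
        2: Entity(2, "bob", "bob's record"),
    }


def delete_unchecked(user, entity_id, store):
    """The view implied by the question: deletes whatever id the URL carries.

    Any authenticated user who edits the id deletes another user's entity.
    """
    store.pop(entity_id, None)
    return 302  # redirect after "success", as a DeleteView would


def delete_checked(user, entity_id, store):
    """The view the answer recommends. Returns an HTTP-style status code.

    1. Not logged in            -> 302 to the login page (LoginRequiredMixin behaviour)
    2. Unknown id               -> 404 (get_object_or_404 behaviour)
    3. Missing model permission -> 403 (PermissionDenied)
    4. Not the object's owner   -> 403 (object-level permission)
    5. Otherwise delete.

    No attempt is made to detect "tampering" with the URL: the user may type
    any id by hand, so the only reliable check is whether this user is
    allowed to delete this object.
    """
    if not user.is_authenticated:
        return 302
    entity = store.get(entity_id)
    if entity is None:
        return 404
    if not user.has_perm("app.delete_entity"):
        return 403
    if entity.owner != user.username:
        return 403
    del store[entity_id]
    return 302


if __name__ == "__main__":
    store = make_store()
    alice = User("alice", permissions={"app.delete_entity"})
    # Alice edits the URL to bob's id: refused, nothing deleted.
    print(delete_checked(alice, 2, store), 2 in store)   # 403 True
    # Alice deletes her own record: allowed.
    print(delete_checked(alice, 1, store), 1 in store)   # 302 False
```

The two checks in `delete_checked` are the two layers the answer's keywords point at: `has_perm` is the model-level "Permissions" layer, and the owner comparison is the "Object Permissions" layer that third-party apps generalise.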
