django-tasks icon indicating copy to clipboard operation
django-tasks copied to clipboard

Published 20 hours ago verified publisher icon RealOrangeOne

Add support for signed tasks.

Open hooverdc opened this issue 1 year ago • 2 comments
trafficstars

hooverdc avatar Jul 11 '24 22:07 hooverdc

Thanks, I'll get working on those.

hooverdc avatar Jul 12 '24 16:07 hooverdc

@RealOrangeOne Added tests and made updates based on your suggestions.

hooverdc avatar Aug 14 '24 18:08 hooverdc

CI is still failing. However, on reflection, I'm not sure the added complexity is worthwhile.

Because task functions must be explicitly allowed, there's no ability to gain remote-code execution inside Django (at least not in ways which can be controlled by django-tasks). Whilst it's possible to potentially modify data, if an attacker already has access to the database they can do that anyway, not to mention that they probably have access to other parts of your infrastructure too.

RealOrangeOne avatar Sep 10 '24 21:09 RealOrangeOne