tutorial icon indicating copy to clipboard operation
tutorial copied to clipboard

Published 20 hours ago verified publisher icon DjangoGirls

Security section in forms tutorial

Open MichaelClerx opened this issue 7 years ago • 2 comments

Hi all, thanks for some great tutorials!

Wondering about the "security" section in the django_forms tutorial. At the moment it teaches you to hide the buttons and worry about the rest later (in an extension tutorial). Isn't that setting a very bad example for dealing with security?

MichaelClerx avatar Dec 12 '17 14:12 MichaelClerx

I noticed this as well and cringed. I included the following at the top of my new and edit views:

from django.core.exceptions import PermissionDenied
...
def new_post(request):
    if not request.user.is_authenticated():
        raise PermissionDenied("No logged in user")

inventhouse avatar Jul 20 '18 19:07 inventhouse

I was also cringing. How about making a PR that would:

  • Explain a bit more about security (how hiding buttons is just "security by obscurity", which isn't real security)
  • Adds the suggestion by @inventhouse

jhodgdon-drp avatar Dec 29 '18 17:12 jhodgdon-drp