Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
Y
Y
YuriyCherniy2020-10-14 00:14:25
Django
YuriyCherniy, 2020-10-14 00:14:25

Do I need to handle exceptions if the data arrives from the session?

I have the following code in the view:

def test_func(self):
    folder_pk = self.request.session['folder_pk']
    user = Folder.objects.get(pk=folder_pk).user
    return self.request.user == user

If an attacker forges data from the session, then the user = Folder.objects.get(pk=folder_pk).userapplication may crash on the line. Is it necessary to handle such a situation, or if the old man has access to the session, it doesn’t matter if the application crashes or not, and you need to solve the problem from the other side?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
D
dooMoob, 2020-10-14
@YuriyCherniy

What makes you think that outsiders have access to the session? The session is stored and populated on the backend

Similar questions
D
DiaTMss2019-09-11 00:00:33
How to protect sessions and cookies? 2Reply
V
Valery Semenov2012-10-28 15:18:20
What are the packages for caching in django? 3Reply
M
Maxim Stikharev2018-04-27 11:44:09
Why are Django images not showing? 1Reply
N
Nikita Shchypylov2015-12-18 18:38:23
Whose syntax is used in frameworks? 1Reply
7
7a-6662020-05-29 13:21:14
Are there analogues of the __in method in templates? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question