Django
YuriyCherniy, 2020-10-14 00:14:25

Do I need to handle exceptions if the data arrives from the session?

I have the following code in the view:

def test_func(self):
    folder_pk = self.request.session['folder_pk']
    user = Folder.objects.get(pk=folder_pk).user
    return self.request.user == user

If an attacker forges data from the session, then the application may crash on the line user = Folder.objects.get(pk=folder_pk).user. Is it necessary to handle such a situation, or, if the attacker has access to the session, does it not matter whether the application crashes or not, and the problem needs to be solved from the other side?

1 answer(s)
dooMoob, 2020-10-14
@YuriyCherniy

What makes you think that outsiders have access to the session? The session is stored and populated on the backend.
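
An added example, not part of the original thread or either poster's code: the check from the question next to a version that denies access instead of raising. The failing cases (key missing from the session, folder deleted after its pk was stored) need no tampering. `get_folder`, `DoesNotExist`, `FOLDERS`, `run` and the request objects are constructed stand-ins for `Folder.objects.get`, `Folder.DoesNotExist` and Django's request, so the file runs without a database.

```python
from types import SimpleNamespace

class DoesNotExist(Exception):
    """Stand-in for Folder.DoesNotExist."""

FOLDERS = {1: "alice", 2: "bob"}  # constructed data: folder pk -> owner

def get_folder(pk):
    """Stand-in for Folder.objects.get(pk=pk), with the same failure modes."""
    key = int(pk)  # malformed pk -> ValueError/TypeError, as the ORM raises
    if key not in FOLDERS:
        raise DoesNotExist(pk)
    return SimpleNamespace(user=FOLDERS[key])

def posted_check(request):
    """test_func as posted in the question."""
    folder_pk = request.session['folder_pk']
    return request.user == get_folder(folder_pk).user

def safe_check(request):
    """Same ownership test; any lookup failure means 'deny', not a crash."""
    folder_pk = request.session.get('folder_pk')
    if folder_pk is None:
        return False
    try:
        folder = get_folder(folder_pk)
    except (DoesNotExist, ValueError, TypeError):
        return False
    return request.user == folder.user

def run(check, user, session):
    """Return the check's result, or the exception name if it raises."""
    try:
        return check(SimpleNamespace(user=user, session=session))
    except Exception as exc:
        return type(exc).__name__

CASES = {  # constructed inputs: (logged-in user, session contents)
    "own folder": ("alice", {"folder_pk": 1}),
    "someone else's folder": ("alice", {"folder_pk": 2}),
    "key never set or session expired": ("alice", {}),
    "folder deleted after pk was stored": ("alice", {"folder_pk": 99}),
}

if __name__ == "__main__":
    for name, (user, session) in CASES.items():
        print(f"{name}: posted={run(posted_check, user, session)} "
              f"safe={run(safe_check, user, session)}")
```

Assuming the view uses Django's UserPassesTestMixin, a False result goes through the mixin's permission-denied handling, whereas an uncaught exception surfaces as a server error.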
