Django
Hadmi, 2018-06-05 02:02:52

Is request.user safe?

Good afternoon.
The whole point is in the name - how much can you trust the value of request.user?

if object.owner == request.user:
    object.delete()

If I do such a check before deleting an object, is this enough to protect against evil hackers or can this value be changed?


1 answer(s)
sim3x, 2018-06-05
@hadmi

Read how the user's cookie is formed - if it is vulnerable, then spoofing is possible.
In the current implementation, the problem is on the side of the HTTP protocol, and not on the Django side.
In the current implementation, spoofing is possible if an attacker stole the cookie from a legitimate user.
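
The point made in the answer above, as an added example that is not part of the original thread and is not Django's own code: a simplified, standard-library-only model that assumes server-side sessions keyed by a random cookie value, as with Django's default database-backed sessions. The names `SESSIONS`, `OBJECTS`, `login`, `logout`, `resolve_user` and `delete_object` are hypothetical.

```python
import secrets

# Simplified model (assumption): the server keeps session state and the
# cookie carries only an unguessable key. This is not Django's code.
SESSIONS = {}                      # session key -> user id, stored server-side
OBJECTS = {1: "alice", 2: "bob"}   # constructed sample data: object id -> owner


def login(user_id):
    """Create a server-side session and return the value sent in the cookie."""
    key = secrets.token_urlsafe(32)  # random, so it cannot be derived from the username
    SESSIONS[key] = user_id
    return key


def logout(session_key):
    """Drop the server-side session; the cookie value becomes worthless."""
    SESSIONS.pop(session_key, None)


def resolve_user(cookie_value):
    """What request.user reduces to here: a server-side lookup, never client input.

    Returns None (the anonymous case) for unknown or forged cookie values.
    """
    return SESSIONS.get(cookie_value)


def delete_object(cookie_value, object_id):
    """Owner check from the question, applied to the resolved user."""
    user = resolve_user(cookie_value)
    owner = OBJECTS.get(object_id)
    if user is None or owner is None or owner != user:
        return False               # anonymous, missing object, or not the owner
    del OBJECTS[object_id]
    return True
```

The check holds against guessed or edited cookie values, but anyone presenting a valid session key is treated as that user, which is why Django's `SESSION_COOKIE_SECURE` and `SESSION_COOKIE_HTTPONLY` settings and session invalidation on logout matter.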
