I was talking about something I want to implement (or looking for a 3rd party implementation), not a standard Django feature.
Users would define forms in a format they input, which in turn will be used to generate forms displayed in the browser for other users.
If I allow users to input Python code they might input anything they like, for instance they might add in their Python code subprocess.Popen("rm -rf /*") :D.
This is an obvious security no-no, regardless of language or framework.
On Thursday, 24 January 2013, 22:19:28 UTC+2, leonardo wrote:
Hi,
I'm new to Django and here.
A yaml file is commonly used in the Rails framework.
Django uses a simple Python file (settings.py).
What security risk? Have you got any example?
2013/1/24 Adrian Andreias <adi.an...@gmail.com>
Hello,
I need a way to define a django form through a yaml file (or another text format).
Is there some code that already does this?
I'm trying to not reinvent the wheel.
I can't use simple Python classes, since this would be user input and would be a security risk, and I need a simpler and limited format.
Thanks
--
You received this message because you are subscribed to the Google Groups "Django users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/ .bSxNCc8waMUJ
To post to this group, send email to django...@googlegroups.com.
To unsubscribe from this group, send email to django-users...@googlegroups.com .
For more options, visit this group at http://groups.google.com/group/django-users?hl=en .
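The kind of limited, declarative form format asked for in this thread, sketched as an added example that is not code from the thread or from Django: the user's text is parsed as data and checked against an allowlist, never executed. It uses JSON as the "other text format" so it runs on the standard library alone (for YAML, `yaml.safe_load` would take the place of `json.loads`); `parse_form_spec`, `FormSpecError`, `ALLOWED` and the sample are hypothetical names, and the type names are chosen to match `django.forms` field classes so a caller can map them.

```python
import json

# Allowlist: field type -> permitted option -> expected JSON type. Type names
# mirror django.forms classes (assumption: the caller resolves them by lookup).
COMMON = {"label": str, "required": bool, "help_text": str}
ALLOWED = {
    "CharField": dict(COMMON, max_length=int),
    "IntegerField": dict(COMMON, min_value=int, max_value=int),
    "EmailField": COMMON,
    "BooleanField": COMMON,
    "ChoiceField": dict(COMMON, choices=list),
}
MAX_FIELDS = 50  # constructed limit, tune to taste


class FormSpecError(ValueError):
    """The user-supplied form definition was rejected."""


def parse_form_spec(text):
    """Return [(name, field_type, options)] or raise FormSpecError."""
    try:
        data = json.loads(text)
    except (ValueError, RecursionError) as exc:  # malformed or absurdly nested
        raise FormSpecError("not valid JSON: %s" % exc)
    fields = data.get("fields") if isinstance(data, dict) else None
    if not isinstance(fields, list) or len(fields) > MAX_FIELDS:
        raise FormSpecError("expected a 'fields' list of bounded size")
    out, seen = [], set()
    for item in fields:
        opts = dict(item) if isinstance(item, dict) else {}
        name, ftype = opts.pop("name", None), opts.pop("type", None)
        if not isinstance(name, str) or not name.isidentifier() or name in seen:
            raise FormSpecError("bad or duplicate field name: %r" % (name,))
        if not isinstance(ftype, str) or ftype not in ALLOWED:
            raise FormSpecError("field type not allowed: %r" % (ftype,))
        for key, value in opts.items():
            want = ALLOWED[ftype].get(key)
            # bool subclasses int in Python, so refuse it where an int is expected
            if want is None or not isinstance(value, want) or (
                    want is int and isinstance(value, bool)):
                raise FormSpecError("bad option %s.%s" % (name, key))
        for c in opts.get("choices", []):
            if not (isinstance(c, list) and len(c) == 2
                    and all(isinstance(x, str) for x in c)):
                raise FormSpecError("choices must be [value, label] string pairs")
        seen.add(name)
        out.append((name, ftype, opts))
    return out


# Constructed sample input, as a user might submit it.
SAMPLE = ('{"fields": [{"name": "email", "type": "EmailField", "required": true},'
          ' {"name": "age", "type": "IntegerField", "min_value": 0}]}')
```

With Django installed, each returned tuple can be turned into a field with `getattr(forms, field_type)(**options)` and the fields passed as the attribute dict of a `forms.Form` subclass created with `type()`.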