Thursday, May 28, 2020

Templates vs. source code

Django users,

There was a discussion on Stack Overflow related to an answer of mine - how to access settings from templates in Django [https://stackoverflow.com/a/53953578/1412564]. And I would like to know - is it generally unsafe to expose all my settings to templates, and why? Should I use the updated answer and expose only specific settings to templates? Because if a hacker can change my templates, they can also change my .py files, and then they can give themselves any access they want. So what is better - to expose all my settings to templates, or only specific settings which I consider safe?

Thanks,
Uri.
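
The two options in the question, side by side, as an added example that is not part of the original message or of the linked answer: one helper hands templates every setting, the other only an allow-list. The names `TEMPLATE_SAFE_SETTINGS`, `all_settings`, `safe_settings`, `settings_context` and the `SAMPLE` values are assumptions made for this example.

```python
from types import SimpleNamespace

# Allow-list of setting names considered safe to render (assumption for this example).
TEMPLATE_SAFE_SETTINGS = ("SITE_NAME", "DEBUG", "LANGUAGE_CODE")


def all_settings(settings_obj):
    """Expose every upper-case setting: what 'expose all my settings' amounts to."""
    return {k: getattr(settings_obj, k) for k in dir(settings_obj) if k.isupper()}


def safe_settings(settings_obj, allowed=TEMPLATE_SAFE_SETTINGS):
    """Expose only allow-listed names; names missing from settings are skipped."""
    return {k: getattr(settings_obj, k) for k in allowed if hasattr(settings_obj, k)}


def settings_context(request):
    """Django context processor: templates can use {{ settings.SITE_NAME }} and
    the other allow-listed names, nothing else. Register its dotted path under
    TEMPLATES[...]['OPTIONS']['context_processors']."""
    # Imported lazily so the demo below runs without Django installed.
    from django.conf import settings
    return {"settings": safe_settings(settings)}


# Constructed sample settings, standing in for django.conf.settings.
SAMPLE = SimpleNamespace(
    SITE_NAME="Example",
    DEBUG=False,
    LANGUAGE_CODE="en",
    SECRET_KEY="constructed-not-a-real-key",
    DATABASES={"default": {"PASSWORD": "constructed-password"}},
)

if __name__ == "__main__":
    # Everything, including SECRET_KEY and the database password, is renderable.
    print(sorted(all_settings(SAMPLE)))
    # Only the three allow-listed names reach the template context.
    print(sorted(safe_settings(SAMPLE)))
```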
