Good point!
Browser-side security is VERY easy to bypass.
For example, just use Firebug or the built-in dev tools of Firefox,
Chrome, or Safari (or probably even IE by now), to edit the HTML
of the current page and then click the OK/Send/Submit button.
--Fred
Fred Stluka -- mailto:fred@bristle.com -- http://bristle.com/~fred/
Bristle Software, Inc -- http://bristle.com -- Glad to be of service!
Open Source: Without walls and fences, we need no Windows or Gates.
On 3/22/16 10:35 AM, Fabio C. Barrionuevo da Luz wrote:
self.fields[name].widget.attrs['disabled'] = 'disabled'
self.fields[name].widget.attrs['readonly'] = True
does not make the field really read-only, because the user can edit the HTML on the client side and remove the disabled="disabled" and readonly input attributes.
For the problem of read-only fields, I currently use this:
https://github.com/luzfcb/django-simple-history/blob/wip-generic-views2/simple_history/forms.py
I prevent it here https://github.com/luzfcb/django-simple-history/blob/wip-generic-views2/simple_history/forms.py#L24
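
Added example, not part of the original thread and not code from django-simple-history: a framework-independent sketch of the server-side check the thread calls for, where read-only fields are reset to the stored value and any differing submitted value is reported. The field names, the stored record and the POST bodies are constructed for illustration.

```python
from urllib.parse import parse_qs

# Hypothetical field names; the server, not the HTML, decides what is read-only.
READONLY_FIELDS = {"username", "role"}


def parse_form_body(body):
    """Parse an application/x-www-form-urlencoded body into {name: last value}."""
    return {k: v[-1] for k, v in parse_qs(body, keep_blank_values=True).items()}


def enforce_readonly(submitted, stored, readonly=READONLY_FIELDS):
    """Return (cleaned, tampered).

    cleaned  -- submitted data with every read-only field reset to the stored value
    tampered -- sorted names of read-only fields whose submitted value differed
    """
    cleaned = dict(submitted)
    tampered = []
    for name in readonly:
        original = stored.get(name)
        # A browser omits inputs marked disabled, so absence is normal; a value
        # that is present and differs means the client-side attribute was bypassed.
        if name in submitted and submitted[name] != str(original):
            tampered.append(name)
        # Never trust the client copy of a read-only field.
        cleaned[name] = original
    return cleaned, sorted(tampered)


# Constructed sample data: the stored record and two POST bodies.
STORED = {"username": "alice", "role": "viewer", "email": "alice@example.com"}
HONEST_POST = "username=alice&email=new%40example.com"
EDITED_POST = "username=alice&role=admin&email=new%40example.com"

if __name__ == "__main__":
    for body in (HONEST_POST, EDITED_POST):
        cleaned, tampered = enforce_readonly(parse_form_body(body), STORED)
        print(cleaned, "tampered:", tampered)
```

In Django 1.9 and later, passing disabled=True to a form field gives the same server-side behaviour: a tampered submitted value is ignored in favour of the form's initial data.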