I wouldn't say insecure, but its a big gotcha. I've done it a quite a few times where I forgot the () :)
On Apr 10, 5:53 am, Thomas Guettler <[EMAIL PROTECTED]> wrote: > Hi, > > is_staff, is_active, is_superuser are attributes. > > is_anonymous, is_authenticated are methods. > > This is insecure if you are not careful while programming: > > if user.is_authenticated: > ....# Always true, since it is a method! > > It would be nice to find a solution. Here is what I thought: > > Make is_authenticated a property which returns a object > which evaluates to the proper boolean value. This object > has a method __call__ which returns the same value. > > This is backwards compatible. > > Thomas > > -- > Thomas Guettler,http://www.thomas-guettler.de/ > E-Mail: guettli (*) thomas-guettler + de --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---
