#3145: edit_inline Manipulator processor allows "stealing" of related objects
---------------------------+------------------------------------------------
Reporter: [EMAIL PROTECTED] | Owner: nobody
Status: closed | Component: Core framework
Version: | Resolution: invalid
Keywords: security | Stage: Accepted
Has_patch: 0 | Needs_docs: 0
Needs_tests: 1 | Needs_better_patch: 0
---------------------------+------------------------------------------------
Changes (by ubernostrum):
* status: new => closed
* resolution: => invalid
Comment:
A foreign key is just a foreign key; it has no inherent "meaning". If the
`Bar` model has a foreign key to `Foo`, that could mean "User A owns this
instance and changing it is a security breach", but it could also mean
"User A is working with this instance right now but User B can take it
over" or it could "mean" something else entirely. It's up to you -- the
developer of your specific application -- to decide what the foreign key
"means" and implement the appropriate logic.
--
Ticket URL: <http://code.djangoproject.com/ticket/3145#comment:4>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en
-~----------~----~----~----~------~----~------~--~---
