#2983: ImageField not deleting previously attached file when updated
----------------------+-----------------------------------------------------
   Reporter:  Shimon  |                Owner:  nobody                
     Status:  new     |            Component:  Core framework        
    Version:  SVN     |           Resolution:                        
   Keywords:          |                Stage:  Design decision needed
  Has_patch:  1       |           Needs_docs:  0                     
Needs_tests:  0       |   Needs_better_patch:  0                     
----------------------+-----------------------------------------------------
Comment (by [EMAIL PROTECTED]):

 > In addition, IMHO there are security concerns with the current behavior
 > - a malicious user could attack an unsuspecting django site by filling up
 > the hard disk.  This simply by repeatedly changing an image field.
 
 You are absolutely correct, but it is also possible that a malicious
 user would upload a new file/image just so django would delete the
 existing one.
 
 I don't think of this as a way to "undo"... I guess I just have a problem
 with Django deleting files from the web server.
 
 Think of this case.  There are already image files on the server (in use
 by another non-Django application).  I create a Django app that also makes
 use of these files.  So I import the files into the Django models (not
 making use of forms to upload them).  Then I decide to later change which
 image the Django app is using.  If Django was to delete the old file, it
 would break my non-Django application.
 
 The issue I see is that you are simply looking at this from the
 perspective that ImageFields are always used with forms.
 
 I'm not saying that this behavior is a bad idea, I'm just saying that
 I would like some method of disabling it.
 
 After all, it seems that is how the rest of the Django ORM works: make the
 default behaviors reasonable, but have options to override the defaults
 for special circumstances.

-- 
Ticket URL: <http://code.djangoproject.com/ticket/2983#comment:7>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines
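
An added example, not part of the original message and not Django's code: a standard-library sketch of the trade-off discussed in this comment, where a replaced file is removed (so repeated updates cannot fill the disk) only when deletion is enabled, the file lies inside the upload directory, and nothing else still uses it. The names `cleanup_replaced_file`, `delete_replaced`, `still_referenced` and the sample directory layout are hypothetical.

```python
import os
import tempfile

def cleanup_replaced_file(old_path, upload_root, delete_replaced=True,
                          still_referenced=lambda path: False):
    """Remove the file a field pointed to before an update, if that is safe.

    Returns a short string naming the decision. All names are hypothetical.
    """
    if not delete_replaced:                      # the opt-out asked for above
        return "kept: deletion disabled"
    root = os.path.realpath(upload_root)         # resolve symlinks and ".."
    target = os.path.realpath(old_path)
    try:
        inside = target != root and os.path.commonpath([root, target]) == root
    except ValueError:                           # e.g. different Windows drives
        inside = False
    if not inside:                               # imported or shared file
        return "kept: outside upload root"
    if still_referenced(target):                 # another record uses it
        return "kept: still referenced"
    if not os.path.isfile(target):
        return "kept: not a regular file"
    os.remove(target)
    return "deleted"

def demo():
    """Run the policy over constructed sample files in a temp directory."""
    with tempfile.TemporaryDirectory() as base:
        uploads = os.path.join(base, "uploads")
        shared = os.path.join(base, "shared")    # owned by another application
        paths = {}
        for name, folder in (("old.png", uploads), ("pinned.png", uploads),
                             ("legacy.png", shared)):
            os.makedirs(folder, exist_ok=True)
            paths[name] = os.path.join(folder, name)
            with open(paths[name], "wb") as fh:
                fh.write(b"constructed sample data")
        pinned = os.path.realpath(paths["pinned.png"])
        sneaky = os.path.join(uploads, "..", "shared", "legacy.png")
        results = {
            "uploaded": cleanup_replaced_file(paths["old.png"], uploads),
            "imported": cleanup_replaced_file(paths["legacy.png"], uploads),
            "traversal": cleanup_replaced_file(sneaky, uploads),
            "opt_out": cleanup_replaced_file(paths["pinned.png"], uploads,
                                             delete_replaced=False),
            "referenced": cleanup_replaced_file(
                paths["pinned.png"], uploads,
                still_referenced=lambda p: p == pinned),
        }
        results["legacy_survives"] = os.path.exists(paths["legacy.png"])
        return results

if __name__ == "__main__":
    print(demo())
```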