Strictly speaking, exposing the primary key is not a security issue.  
Primary keys are not a secret, just an id.  You need to secure your data 
based on authenticated credentials and some sort of authorization system 
that controls who can do what with each piece of data.

Some people don't like using sequential primary keys because they are 
exposing information about their system.  For example, with your system, 
I can tell how many houses you have in your database by probing URLs.  I 
guess you might consider that a security concern.  If so, use a 
randomized slug as others have suggested.

--Ned.
http://nedbatchelder.com/blog

ydjango wrote:
> I am displaying a list of houses, and on clicking on one of the houses
> I want to show/edit details.
>
> Currently I am constructing the URL as /house/edit/123/
> where 123 is the house database primary key for that house.
>
> Can exposing the primary key in the URL be a security issue?
>
> (r'^house/edit/(\d+)/$',editHouse)
>
> Is there an alternative way without exposing the primary key in the URL?
>
> Ashish

-- 
Ned Batchelder, http://nedbatchelder.com
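
The two points made in the reply above, as an added example that is not part of the original thread and is plain Python rather than Django view code: every lookup is authorized against the requesting user, and the identifier used in the URL is a random slug instead of the sequential primary key. The names `House`, `HouseStore`, `get_for_edit`, and the sample users and addresses are hypothetical.

```python
import secrets


class NotFound(Exception):
    """No house exists for the identifier taken from the URL."""


class Forbidden(Exception):
    """The house exists, but the requesting user may not edit it."""


class House:
    def __init__(self, pk, owner, address):
        self.pk = pk            # sequential primary key, kept internal
        self.owner = owner
        self.address = address
        # 16 random bytes (128 bits) as URL-safe text. Unlike the pk, this
        # cannot be incremented to enumerate or count records.
        self.slug = secrets.token_urlsafe(16)


class HouseStore:
    """In-memory stand-in for the database table (assumption for the demo)."""

    def __init__(self):
        self._by_slug = {}
        self._next_pk = 1

    def add(self, owner, address):
        house = House(self._next_pk, owner, address)
        self._next_pk += 1
        self._by_slug[house.slug] = house
        return house

    def get_for_edit(self, user, slug):
        # The slug only hides record counts. The ownership check below is
        # what actually protects the data, whatever identifier is in the URL.
        house = self._by_slug.get(slug)
        if house is None:
            raise NotFound(slug)
        if house.owner != user:
            raise Forbidden(f"{user} may not edit this house")
        return house


if __name__ == "__main__":
    store = HouseStore()
    mine = store.add("alice", "1 Elm St")       # constructed sample data
    print("/house/edit/%s/" % mine.slug)
    print(store.get_for_edit("alice", mine.slug).address)
```
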

