django - Passed parameters without being encrypted
I'm using Django to manage a website, and IDs such as post id and user id are passed in the clear. For example, I can have /posts/1, /posts/2/.
Even if I check whether the current user can read the related post, is it secure to pass parameters like this, or should I use something like /posts/lkjfekj87dokdz98/, which corresponds to /posts/1/ for example?
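Here is an example of a detail view called by /post/1/:

    from django.core.exceptions import PermissionDenied
    from django.views import generic
    from .models import Post  # assumed location of the Post model

    class DetailView(generic.DetailView):
        model = Post

        def get_context_data(self, **kwargs):
            context = super().get_context_data(**kwargs)
            # Deny access unless the post is in the current user's allowed set.
            if context['post'] not in self.request.user.allowed_post:
                raise PermissionDenied
            return context
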
I've found the answer. The technique is named obfuscation. It can be used with, for example, https://pypi.python.org/pypi/django-unfriendly
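
An added example, not part of the original post and not code from django-unfriendly: a keyed, reversible mapping from integer IDs to opaque URL tokens, with the per-user check from the detail view still applied after decoding. The key, the function names and the sample posts and users are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

SECRET_KEY = b"constructed-demo-key"  # assumption: a real app would derive this from its own secret
POSTS = {1: "first post", 2: "second post"}  # constructed sample data
ALLOWED = {"alice": {1}}  # constructed: user -> ids of posts that user may read


def _round(half: int, i: int) -> int:
    """Keyed round function: first 32 bits of HMAC-SHA256(key, round || half)."""
    msg = bytes([i]) + half.to_bytes(4, "big")
    return int.from_bytes(hmac.new(SECRET_KEY, msg, hashlib.sha256).digest()[:4], "big")


def encode_id(pk: int) -> str:
    """Map a 64-bit id to an 11-character URL-safe token (4-round Feistel permutation)."""
    if not 0 <= pk < 2**64:
        raise ValueError("pk out of range")
    left, right = pk >> 32, pk & 0xFFFFFFFF
    for i in range(4):
        left, right = right, left ^ _round(right, i)
    raw = ((left << 32) | right).to_bytes(8, "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_id(token: str) -> int:
    """Invert encode_id. Any 8-byte token decodes to some id, so access checks still apply."""
    try:
        raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    if len(raw) != 8:
        raise ValueError("malformed token")
    left, right = int.from_bytes(raw[:4], "big"), int.from_bytes(raw[4:], "big")
    for i in reversed(range(4)):
        left, right = right ^ _round(left, i), left
    return (left << 32) | right


def fetch_post(user: str, token: str) -> str:
    """Decode the token, then enforce the same access rule as the detail view."""
    pk = decode_id(token)
    if pk not in POSTS:
        raise LookupError("no such post")  # Http404 in a Django view
    if pk not in ALLOWED.get(user, set()):
        raise PermissionError("not allowed")  # PermissionDenied in a Django view
    return POSTS[pk]
```

The token hides the sequence of IDs from the URL, while the decision about who may read a post is still made by the check in `fetch_post`.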