Changes between Initial Version and Version 1 of Ticket #35730


Ignore:
Timestamp:
Sep 4, 2024, 9:46:56 AM (2 months ago)
Author:
Remy
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #35730 – Description

    initial v1  
    55Surely, organizations that design their entities with non-enumerable public identifiers (such as by using a `UUIDField` for the primary key) would not be affected by this, however as the issue is also addressed by other means, such as a secondary public identifier, or simply a careful app design, I would still think that many Django site owners who prefer to keep this information private are likely unaware that it’s being exposed through this native mechanism.
    66
    7 To prevent the leakage of the `user.pk` value by default, I replaced the base64 encoding with the signing of the `user.pk` value.
     7To prevent the leakage of the `user.pk` value by default, I replaced the base64 encoding with the signing of the `user.pk` value (PR https://github.com/django/django/pull/18539).
Back to Top