Opened 87 minutes ago
Last modified 8 minutes ago
#37044 new Cleanup/optimization
Mention in FileField-.upload_to-Documentation that file locations on authenticated models are not automatically authenticated.
| Reported by: | Aaron | Owned by: | |
|---|---|---|---|
| Component: | Documentation | Version: | 6.0 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Its common practice to add authentification to a model such that it can be
accessed by a subset of users. Developers might assume that the authentification of the model covers authentification
of the "upload_to"-Field, but is does not. Therefore, any authenticated user
who guesses any url is able to acccess the underlying file, somewhat circumventing the authentification.
Furthermore, these urls share common patterns which might expose a lot more files.
Suggestion:
Add a warning to the documentation of "upload_to" along the lines of:
""upload_to" does not inherit authentification from a model. This has to be done externally".
"Authentification of the model does not include authentification of "upload_to". Any authenticated user
might guess the urls and can access the underlying files".
"Make sure to authenticate access to the url stored in "upload_to" as these are not covered by the model authentification. "
Looking forward to discussing this,
Aaron
Change History (1)
comment:1 by , 8 minutes ago
| Component: | Uncategorized → Documentation |
|---|---|
| Triage Stage: | Unreviewed → Accepted |
| Type: | Uncategorized → Cleanup/optimization |
The suggested clarification is brief, and addresses a misconception that comes up with frequency on the forum. (See duplicates pointing to Ken's excellent answer).
I'm happy to accept if we can do this without dwelling on too many details. Thanks.