Add comment
This commit is contained in:
parent
bbaed79269
commit
2111a9908f
1 changed files with 1 additions and 1 deletions
2
notes.md
2
notes.md
|
@ -54,7 +54,7 @@ def attachment_delete(request, pk):
|
||||||
|
|
||||||
Anyone who can login to the system, could potentially delete an attachment belonging to some other user, which may be disastrous. We could easily overcome this like the example from django-guardian above.
|
Anyone who can login to the system, could potentially delete an attachment belonging to some other user, which may be disastrous. We could easily overcome this like the example from django-guardian above.
|
||||||
|
|
||||||
4. I am not sure what exact Django version the app is designed for. I am assuming some version of Django 2.x.x. based on my attempt to run the project. It would be nice to check all vulnerabilities for this specific version of Django. For example for 2.2, the known vulnerabilities in Django are: https://snyk.io/vuln/pip:Django@2.2
|
4. I am not sure what exact Django version the app is designed for. I am assuming some version of Django 2.x.x. based on my attempt to run the project. It would be nice to check all vulnerabilities for this specific version of Django. For example for 2.2, the known vulnerabilities in Django are: https://snyk.io/vuln/pip:Django@2.2. I would recommend to verify that the project's code does not have any of these.
|
||||||
|
|
||||||
|
|
||||||
## Standard Django app deployment checks
|
## Standard Django app deployment checks
|
||||||
|
|
Loading…
Reference in a new issue