Chapter 11. Django revisited!
This chapter covers
In Chapter 8, you built a simple todo list with Django, which allowed you to keep track of tasks you needed to do. Although useful for you, it isn't something you can safely share with other people yet. In this chapter, we'll look at some of the polishing steps you need to take to make your Django application useful to others. Let's get started!
Your application was pretty much finished from a functionality point of view: you can delete and change any of your todos, and add as many as you like. Here's the problem: so can anyone else who can reach your web interface. If that person is malicious, all your todos might be deleted, or your important ones could be tampered with.
For your application to be safe, you need to restrict who can access it, and nobody should be able to read or tamper with anyone else's todos. In practice, this means you'll introduce the following checks:
- You should need to log in to the application.
- Once logged in, you should only see your own todo items.
- Whenever you try to add, change, or delete a todo, it should only work if it’s your todo.
Once these three constraints are in place, one user can no longer read or modify another user's todo list. Note that each check has to be enforced on the server, in the view that handles the request: hiding other people's todos from the page is not enough, because a malicious user can still request any todo by guessing its id in the URL.
