Saturday, 15 March 2014

Django - Implementing user actions with no login, using only GET parameters




I'm writing a classified ads website and need users to renew ads by clicking on a URL sent by email. What cautions should I have when implementing a scheme like this? I've searched on the web but didn't find examples of an implementation of this.

Can anyone give me clues on the right path for this?

Best regards,

First off, SQL injection is a major thing to worry about when using obvious parameters.

Second, you want non-personally identifying info in the parameters. You do not want short IDs such as 123456, as these can be guessed. A GUID (example 412dc535-03dd-4887-b702-02c8b85e8891, remove the - of course) is great for this.

Third, you want some sort of basic verification that the user in fact originated the request. I would have each email have its own ID for the 1 click action, perhaps a GUID (a long string of random characters), and create them to expire after a time (a few days). Keep track of each email link separately and what they're supposed to do, so someone couldn't figure out the ID of someone's advertisement and keep running it over and over.

~christian
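
The scheme this answer describes (one random ID per emailed link, tied to what the link is supposed to do and expiring after a few days), as an added example that is not part of the original post. It is stdlib-only Python with a dict standing in for a Django model; the function names, the 3-day lifetime, storing only a hash of the token, and single use are assumptions of this example.

```python
import hashlib
import secrets
from datetime import datetime, timedelta, timezone

TOKEN_TTL = timedelta(days=3)  # assumption: "a few days" taken as 3


def _digest(token: str) -> str:
    # Store only a hash so a leaked table does not yield working links.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_link_token(store: dict, ad_id: int, action: str, now: datetime) -> str:
    """Create one random token per emailed link, bound to one ad and one action."""
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    store[_digest(token)] = {
        "ad_id": ad_id, "action": action,
        "expires": now + TOKEN_TTL, "used": False,
    }
    return token  # goes into the emailed URL; the ad id never appears in it


def redeem_link_token(store: dict, token: str, action: str, now: datetime):
    """Return the ad id the token authorises, or None if it must be rejected."""
    if not isinstance(token, str) or not 20 <= len(token) <= 128:
        return None  # short, guessable values such as "123456" never match
    row = store.get(_digest(token))  # lookup by hash, no string-built query
    if row is None or row["action"] != action:
        return None  # unknown token, or issued for a different action
    if row["used"] or now >= row["expires"]:
        return None  # already clicked, or past its lifetime
    row["used"] = True  # assumption: one renewal per emailed link
    return row["ad_id"]


if __name__ == "__main__":
    db = {}  # constructed in-memory store
    t0 = datetime(2014, 3, 15, tzinfo=timezone.utc)  # constructed timestamp
    tok = issue_link_token(db, ad_id=42, action="renew", now=t0)
    print(redeem_link_token(db, tok, "renew", t0 + timedelta(hours=1)))
    print(redeem_link_token(db, tok, "renew", t0 + timedelta(hours=2)))
```

In a Django project the dict would be a model with the same fields, and the ORM's parameterised queries would cover the lookup.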
