Exposing django admin to users. Harmful?

Problem description

I am working on a Django somewhat e-commerce project, where, briefly, I have both a Customer and a Merchant model. The Merchant model is associated with a MerchantStore model which is somehow "complicated", having a plethora of m2m and foreign key relationships to various models.

Following the solution in this post (http://www.b-list.org/weblog/2008/dec/24/admin/) and having not enough "time" to make a custom implementation, I decided to let each Merchant be a "staff member" and customize his store through the admin interface. Of course I created a new group with the appropriate permissions.

However, some questions arise:

1) Is this considered harmful? Are there any security threats associated?

2) Isn't this the best way to do it if you have not enough time anyway?

Solution

No, I would not consider this harmful.

The "Zen of Admin" as described in Apress's djangobook seemed to imply an assumption of trust as part of the admin's "philosophy", and paired with the often-repeated "admin is not your app" advice, I too was scared at first and think the Django documentation could point out intended, viable use cases.

Please see my almost identical question Django AdminSite/ModelAdmin for end users?

From Jordan's answer (whom I gave the bounty):

There is nothing inherently special about admin. It behaves just like any other view. So if it is using permissions to determine access (for example, if you set a user's .is_staff to True but give them access only to specific permissions) then it will be equally secure to any view you might create that uses permissions to determine access.

...

The people who wrote django.contrib.admin did not write it with the assumption that anyone with an is_staff = True could be trusted as much as a superuser, or was stupid enough to never take a look at the source code of a web page. Although writing your own views is encouraged, it is still a robust interface.

Also note Django's relatively recent security update http://www.djangoproject.com/weblog/2010/dec/22/security/ regarding querystring parameters in object lists.

Such an update (quote: "an attacker with access to the admin [...]") is a clear indication that the admin's implementation of the permission system is being constantly scrutinized.
