Changes between Initial Version and Version 1 of Ticket #35730


Timestamp: Sep 4, 2024, 9:46:56 AM (3 weeks ago)
Author: Remy

  • Ticket #35730 – Description

    initial v1  
    55Surely, organizations that design their entities with non-enumerable public identifiers (such as by using a `UUIDField` for the primary key) would not be affected by this, however as the issue is also addressed by other means, such as a secondary public identifier, or simply a careful app design, I would still think that many Django site owners who prefer to keep this information private are likely unaware that it’s being exposed through this native mechanism.
    66
    7 To prevent the leakage of the `user.pk` value by default, I replaced the base64 encoding with the signing of the `user.pk` value.
     7To prevent the leakage of the `user.pk` value by default, I replaced the base64 encoding with the signing of the `user.pk` value (PR https://github.com/django/django/pull/18539).