rw-bsi
commented
5 months ago Added two commits (one here, one in other repo). Some additional changes to hide internal id, add admin fields/navigation properties and fix email template rendering
Closed aothms closed 5 months ago
rw-bsi
commented
5 months ago Added two commits (one here, one in other repo). Some additional changes to hide internal id, add admin fields/navigation properties and fix email template rendering
Obfuscate numeric ids by using coprime multiplicative inverses. https://ericlippert.com/2013/11/14/a-practical-use-of-multiplicative-inverses/
Not particularly fond of this implementation. Ideally we would have a designated django db field type for this to do this transparently. But I wasn't entirely sure how. And if it's a field type, how would it be applied to foreignkeys without actually getting the object (
outcome.request_idvsoutcome.request.id). I guess this approach though can be a bit of a headache when using a more automated api.This is part1. part2 is the in the validate repo.
COPRIMESECRETcurrently has a hardcoded default, which is not very secure maybe, but as long as we don't forget to set something unique on PROD it's fine I guess?