pombreda / formalchemy

Automatically exported from code.google.com/p/formalchemy
MIT License
0 stars 0 forks source link

Convert Session method to private in AdminController #73

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Hi,

I write this patch to deny access to "Session" action. 

Without this patch, I can access to this page :

http://127.0.0.1:5000/admin/Animal/Session

It isn't serious issue but it's more clean :)

I think this patch can have some backward compatibility issue. 
Can we depreciate public Session method ?

Regards,
Stephane

Original issue reported on code.google.com by klein.stephane on 27 Feb 2009 at 5:30

Attachments:

GoogleCodeExporter commented 9 years ago
I'm going to go with wontfix on this one.  Making it "private" doesn't of 
course make
it really unavailable, it just mangles the name and makes life difficult for
subclasses.  I'd like to leave subclassing open as an option.

As for adding just one underscore, again, I'd like to emphasize that Session is 
part
of the public admin controller contract, which no underscore conveys better.  
And
just one underscore hardly makes it any less accessible in the url.

Original comment by jbel...@gmail.com on 28 Feb 2009 at 1:05