What is the purpose of exposing the list of users?

Description

The users app provides a view to list all the users.

https://github.com/pydanny/cookiecutter-django/blob/28160d06ac15635a3596db53bf53493bc252f141/{{cookiecutter.project_slug}}/{{cookiecutter.project_slug}}/users/urls.py#L12

Probably I am missing something obvious, but is this necessary? Why would a user be able to view all the registered users of the web service? At first I thought this would be only accessible in a local environment, but I couldn’t find a setting which prevents it from showing up in the production environment.

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Comments:8 (5 by maintainers)

Top GitHub Comments

webyneter commented, Aug 19, 2018 (1 reaction)

Got no problem with that.

browniebroke commented, May 17, 2019 (0 reactions)

After seeing the final result to get the views locally debug-only, I now believe the list view should be deleted. I’ve opened #2062 to do that. I didn’t touch the user detail on purpose…

Thoughts on this?
