stackoom
  简体   繁体   中英

How to secure Django Tastypie REST API which needs no credentails for POST and GET

 原文  2014-10-17 08:50:25       python/ django/ rest/ https/ django-rest-framework

Question

Hi am having an API url when a user submits the page, URL will be called and POSTED data will be saved in DB through tastypie api.

My question here is,

Am not using credentials while POSting data since it is a form submission, so when an intruder comes to know about my API url and data to be posted he can post bulk amount of data to my DB and crash it,right?

How to prevent this or it is already prevented by any measure,Please Explain.

Thanks.

2 answers

solution1
 0  2014-10-17 14:09:16

我尚未与stylishpie合作,但他们的文档中有一个身份验证和授权部分

solution2
 0  2014-10-17 19:53:29

If you need to allow people to POST with no auth, then there is nothing you can do to prevent someone just POSTing random data. What you can do is throttling the user so they don't post that much data.

http://django-tastypie.readthedocs.org/en/latest/throttling.html

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Django API tastypie and FK POST MySQL On Update not triggering for Django/TastyPie REST API Django Tastypie create API which accepts POST data but not creates any entry in database How to create CRUD using Django/Tastypie API? Django Tastypie: How to Authenticate with API Key How to post data to Django rest API Separate functions for Get, POST, PUT and DELETE in django-tastypie django tastypie returning 401 always for POST method and works well for GET How to notify an app that credentials were successful in Django/Tastypie/REST Django Tastypie slow POST response
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM