【发布时间】:2019-07-26 02:02:08
【问题描述】:
我已经在 Django Rest Framework 中实现了用户注册,但我不知道如何检查 sql 注入等。
例如这样的密码:“”
class UserRegisterSerializer(serializers.ModelSerializer):
def validate(self, data):
password = data['password']
password2 = data['password2']
data.pop('password2')
if password != password2:
raise serializers.ValidationError({"password": "Passwords must match."})
errors = dict()
try:
# validate the password and catch the exception
validators.validate_password(password)
# the exception raised here is different than serializers.ValidationError
except exceptions.ValidationError as e:
errors['password'] = list(e.messages)
if errors:
raise serializers.ValidationError(errors)
return data
此代码在我的设置中:
AUTH_PASSWORD_VALIDATORS = [
{
'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', #=> Default (8 characters)
'OPTIONS': {
'min_length': 4,
}
},
{
'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
},
{
'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
},
【问题讨论】:
标签: django rest security passwords