Roundup Tracker - Issues


Author rouilj
Recipients rouilj
Date 2018-06-27.00:22:41
Message-id <>

I took a quick look. Most of them are obvious debugging only
changes, but I didn't analyze all of them.

3. Assert statements

Don’t use assert statements to guard against pieces of code that a user 
shouldn’t access. Take this simple example

def foo(request, user):
   assert user.is_admin, “user does not have access”
   # secure code...

Now, by default Python executes with __debug__ as true, but in a 
production environment it’s common to run with optimizations. This will 
skip the assert statement and go straight to the secure code regardless 
of whether the user is_admin or not.


Only use assert statements to communicate with other developers, such 
as in unit tests or in to guard against incorrect API usage.
Date User Action Args
2018-06-27 00:22:44rouiljsetrecipients: + rouilj
2018-06-27 00:22:43rouiljsetmessageid: <>
2018-06-27 00:22:43rouiljlinkissue2550962 messages
2018-06-27 00:22:41rouiljcreate