11 Apr
2002
11 Apr
'02
4:02 p.m.
On Thursday 11 April 2002 01:01, Jason Burke wrote:
I did notice a reference to something like this...
REQUEST.AUTHENTICATED_USER.getUserName()
but, this doesn't seem like it would be any more secure than just assigning REQUEST.AUTHENTICATED_USER to a variable.
Suppose someone does assign REQUEST.AUTHENTICATED_USER like 'foo' then the classmethod getUserName() will not work. Use that.