Does the post_save hook run immediately after creating a model in Django?

0 votes
Asked by user: (140 points)

I have a post_save method which needs the pk.

def create_key(instance=None, sender=None, created=False, **kwargs):
    # post_save handler: on first save, encrypt the stored key using the new pk
    if created:
        last_index = instance.pk
        instance.private_key = cipher(last_index).encrypt(instance.private_key)
        instance.save()

Before calling it, I assign the unencrypted private_key to self.private_key.

Question: Can an attacker get the unencrypted private_key from the DB in the time period between the save method and post_save?

Posted by user: (100 points)
Why are you not doing this in pre_save?
Posted by user: (140 points)
@OzgurVatansever I corrected it, I need instance.pk
Posted by user: (100 points)
My guess is yes, but you could probably test this by putting a breakpoint in your post_save function and manually querying your db. Though, it might be safer to allow the field to be blank or null instead and update it after you save.
Posted by user: (140 points)
@KeiferSebastian yeah, I will try it. Tricky moment: I need private_key for post_save. I mean: while creating, I generate private_key and should send it to post_save
Posted by user: (100 points)
If you can lock the table and are using an auto-incrementing pk, you could find out the next pk before saving.
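
The window the question asks about, modelled with two sqlite3 connections as an added example (not code from this thread and not Django itself): with Django's default autocommit, the INSERT issued by save() is committed before post_save fires, so another database client can read the plaintext until the handler's second save(). The table name, the sample key and the fake_encrypt placeholder are assumptions standing in for the poster's model and cipher.

```python
import os
import sqlite3
import tempfile

def fake_encrypt(pk, value):
    # Hypothetical stand-in for the poster's cipher(pk).encrypt(); NOT real encryption.
    return f"enc[{pk}]:{value[::-1]}"

def observe_window(atomic):
    """Return (seen, final): what a second DB client reads between the INSERT
    done by save() and the UPDATE done by post_save, and what it reads afterwards."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "demo.sqlite3")
        # isolation_level=None: no implicit BEGIN, so each statement commits
        # on its own unless a transaction is opened explicitly.
        writer = sqlite3.connect(path, isolation_level=None)
        reader = sqlite3.connect(path, isolation_level=None)
        writer.execute("CREATE TABLE wallet (id INTEGER PRIMARY KEY, private_key TEXT)")
        if atomic:
            writer.execute("BEGIN")  # models wrapping the create in one transaction
        # Step 1: save() inserts the row holding the plaintext key (constructed value).
        pk = writer.execute(
            "INSERT INTO wallet (private_key) VALUES (?)", ("PLAINTEXT-KEY",)
        ).lastrowid
        # A second client queries in the gap before the post_save handler has run.
        seen = reader.execute("SELECT private_key FROM wallet").fetchall()
        # Step 2: the post_save handler encrypts with the pk and saves again.
        writer.execute(
            "UPDATE wallet SET private_key = ? WHERE id = ?",
            (fake_encrypt(pk, "PLAINTEXT-KEY"), pk),
        )
        if atomic:
            writer.execute("COMMIT")
        final = reader.execute("SELECT private_key FROM wallet").fetchall()
        writer.close()
        reader.close()
        return seen, final

if __name__ == "__main__":
    print("autocommit :", observe_window(atomic=False))
    print("transaction:", observe_window(atomic=True))
```

In Django the transactional variant corresponds to creating the object inside transaction.atomic(), so the INSERT and the handler's UPDATE commit together and other connections never read the intermediate row.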
