I will learn about those, thanks. But there's still an AppEngine-specific version of the question: does Django as supported on AppEngine have any useful validation features, or are they in the part of Django that is not supported? Anyone got examples that prevent attacks?
I validated most things with JavaScript, which helps the real user, but I see that it won't do any good against a malicious user.

On Nov 7, 7:59 pm, Peter Recore <[EMAIL PROTECTED]> wrote:
> This question is not app engine specific. Users can request a GET or
> POST with whatever values they want regardless of the underlying
> technology. You should google "Cross Site Scripting" and "SQL
> Injection" to learn about the various evil things users can do to you
> if you don't validate your inputs. Most web frameworks have forms
> libraries that can simplify much of the validation.
>
> -peter
>
> On Nov 7, 4:14 pm, adrian <[EMAIL PROTECTED]> wrote:
>
> > Every URL an app-engine app handles is public since it appears in the
> > URL bar in the browser. So even if it begins with _ or is strangely
> > spelled a user could use the back button or history and directly edit
> > a URL, then submit it and likely cause an error unless everything is
> > validated.
> >
> > Is it good practice to validate every piece of data coming in to a URL
> > handler by GET or POST and not assume anything? Or accept a small
> > number of errors when people do stupid things. I can certainly
> > validate everything but it obscures the code.
> >
> > Thanks
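As an added illustration of the server-side check the thread is asking about (example code written for this page, not code from Django, the App Engine SDK or the posters; framework-free so it runs stand-alone on Python 3): each handler declares the parameters it accepts, every GET or POST value is checked against that declaration and converted, unknown parameters are rejected instead of ignored, and the validated value is still escaped before being echoed into HTML. The `SEARCH_SCHEMA` fields are constructed for the example.

```python
import html

# Constructed schema for one search handler: field name -> (required, checker).
# Parameters that are not listed are rejected, not silently ignored, so an
# edited URL fails cleanly instead of raising an error deep in the handler.
def _int_in(lo, hi):
    def check(raw):
        if not raw.isdigit():
            raise ValueError("must be a whole number")
        value = int(raw)
        if not lo <= value <= hi:
            raise ValueError("must be between %d and %d" % (lo, hi))
        return value
    return check

def _text(max_len):
    def check(raw):
        raw = raw.strip()
        if not raw or len(raw) > max_len:
            raise ValueError("must be 1 to %d characters" % max_len)
        return raw
    return check

SEARCH_SCHEMA = {
    "q": (True, _text(80)),
    "page": (False, _int_in(1, 500)),
}

def validate_params(params, schema):
    """Return (cleaned, errors) for a dict of raw request strings (GET or POST)."""
    cleaned, errors = {}, {}
    for name in params:
        if name not in schema:
            errors[name] = "unexpected parameter"
    for name, (required, check) in schema.items():
        raw = params.get(name)
        if raw is None or raw == "":
            if required:
                errors[name] = "this field is required"
            continue
        try:
            cleaned[name] = check(raw)
        except ValueError as exc:
            errors[name] = str(exc)
    return cleaned, errors

def render_results_header(cleaned):
    # Validation bounds the input; escaping is what makes it safe to echo back.
    return "<h2>Results for %s</h2>" % html.escape(cleaned["q"])
```

A handler calls `validate_params(dict(request.GET), SEARCH_SCHEMA)` and returns a 400 with the `errors` dict when it is non-empty, so no unchecked value reaches the datastore or the template.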
