On Friday, 12.11.2004, 16:18 -0800, Uzo Uzo wrote:
> Hey all,
>  
> How are you all dealing with web security?  Preventing SQL injection
> attacks and cross site scripting attacks...

I use pSQL. None of the usual injection attacks would work with that.

Most python database adapters have functions to properly escape any
value for use in their respective queries. If those are properly used,
you won't have to worry either.

XSS can easily be avoided by using the powers of re.match on each and
every form value. For myself I use a form data processor that strips
anything that looks like html or scripting from every value by default
and gives the original, unmodified values only when specifically asked
to do so.
That way I don't have to consider every time whether I should put in a
check or not. It is always there.

br,
        Fionn
-- 
Software patents    -  not allowed in Europe | See what's going on:
Archiving Email     -  patented in Europe    | http://freepatents.org/
E-Shopping Baskets  -  patented in Europe    | Become active easily:
Cross-compiling     -  patented in Europe    |
http://aktiv.ffii.org/eubsa/en
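The two ideas in the reply above, a form data processor that scrubs every field by default and only hands out the raw value on request, and leaving quoting to the database adapter, as an added example that is not the poster's own code. `FormData`, `scrub` and `find_user` are hypothetical names, sqlite3 stands in for whatever adapter is in use, and the form values are constructed.

```python
import html
import re
import sqlite3

# Constructed example, not the list poster's code: every field is scrubbed on
# the way out; the unmodified value is available only via an explicit raw() call.
TAG_RE = re.compile(r"<[^>]*>")                       # anything that looks like a tag
SCRIPT_RE = re.compile(r"javascript:|on\w+\s*=", re.IGNORECASE)  # handlers, URL schemes


def scrub(value: str) -> str:
    """Strip tag-like text and script handlers, then escape what is left."""
    cleaned = TAG_RE.sub("", value)
    cleaned = SCRIPT_RE.sub("", cleaned)
    # html.escape handles stray < > & and quotes that the regexes let through
    return html.escape(cleaned, quote=True)


class FormData:
    """Form values; indexing returns the scrubbed value, raw() the original."""

    def __init__(self, fields: dict):
        self._raw = dict(fields)

    def __getitem__(self, name: str) -> str:
        return scrub(self._raw[name])

    def raw(self, name: str) -> str:
        """Unmodified value, only for callers that explicitly ask for it."""
        return self._raw[name]


def find_user(conn: sqlite3.Connection, username: str) -> list:
    # The adapter quotes the parameter itself, so quotes inside the value stay data.
    return conn.execute("SELECT name FROM users WHERE name = ?", (username,)).fetchall()


def demo() -> dict:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice'), ('bob')")
    form = FormData({"name": "alice' OR '1'='1",           # constructed inputs
                     "comment": "<script>alert(1)</script>hi <b onclick=x>there</b>"})
    return {
        "comment": form["comment"],                  # scrubbed for HTML output
        "raw_comment": form.raw("comment"),          # original, on explicit request
        "rows": find_user(conn, form.raw("name")),   # raw value is fine: adapter quotes it
    }
```

The regex pass is a best-effort filter; the `html.escape` on the way out is what neutralises whatever the patterns miss, and the database lookup uses the raw value because HTML escaping is the wrong transformation for a query parameter.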
