the guidelines for web scripts are the same as they *should be* for any other software that handles input from users: never ever trust the input if it comes in from a human interaction. look at your code where it handles this human input and think about what malformed input could do, such as overly long input or input that might contain illegal characters etc.

jens

On Tuesday, June 18, 2002, at 04:21, Adrian Blockley wrote:
Hi All,
We are using Zope to publish some air quality data for our part of the world. We have written a number of simple Zope python scripts and external methods to access the air quality data.
I have to confess we are all relative newbies when it comes to Zope and Python. One of the things I need to check is what level of script hardening and security measures do we need to take. We have a bit more experience with perl CGI scripts and have done standard hardening such as filtering out metacharacters etc. Do we need to take similar measures with Zope python scripting? What other security measures do we need to take?
All hints and suggestions on practical security measures are gratefully appreciated.
Cheers
Adrian
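
A validation routine of the kind the reply describes, as an added example that is not part of the original thread: it caps length first, then checks each field against an allow-list instead of stripping metacharacters. The parameter names (`station`, `pollutant`, `day`), the limits and the sample requests are assumptions; it is plain Python that an external method could call before touching the data.

```python
import re
from datetime import date

# Hypothetical rules for an air-quality query; names and limits are assumptions.
MAX_LEN = 32                                        # cap checked before anything else
STATION_RE = re.compile(r"[A-Za-z0-9_-]{1,16}")     # allow-list, not a deny-list
POLLUTANTS = frozenset({"pm10", "pm25", "no2", "so2", "o3", "co"})
DATE_RE = re.compile(r"([0-9]{4})-([0-9]{2})-([0-9]{2})")

def _text(params, name):
    """Fetch one parameter as a single, bounded string."""
    value = params.get(name)
    if not isinstance(value, str):        # missing, or a list from a repeated field
        raise ValueError(f"{name}: missing or not a single string")
    if len(value) > MAX_LEN:              # reject overly long input up front
        raise ValueError(f"{name}: too long")
    return value

def validate_query(params):
    """Return typed, validated values or raise ValueError. Rejects, never repairs."""
    station = _text(params, "station")
    # fullmatch (unlike match with '$') also rejects a trailing newline
    if not STATION_RE.fullmatch(station):
        raise ValueError("station: illegal characters")
    pollutant = _text(params, "pollutant").lower()
    if pollutant not in POLLUTANTS:
        raise ValueError("pollutant: unknown value")
    m = DATE_RE.fullmatch(_text(params, "day"))
    if not m:
        raise ValueError("day: expected YYYY-MM-DD")
    day = date(*map(int, m.groups()))     # ValueError for 2002-02-30 and similar
    return {"station": station, "pollutant": pollutant, "day": day}

def is_valid(params):
    """Boolean wrapper for callers that only need accept/reject."""
    try:
        validate_query(params)
        return True
    except ValueError:
        return False

# Constructed sample requests (not from the original thread).
GOOD = {"station": "site_01", "pollutant": "PM10", "day": "2002-06-18"}
BAD = [
    {**GOOD, "station": "site_01;x"},       # metacharacter
    {**GOOD, "station": "site_01\n"},       # trailing newline
    {**GOOD, "station": "A" * 5000},        # overly long
    {**GOOD, "day": "2002-02-30"},          # well-formed but impossible date
    {**GOOD, "pollutant": ["pm10", "no2"]}, # repeated field arrives as a list
]
```

The validated values are typed (`day` is a `date`), so later code works with those rather than the raw request strings.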