Hi All,

We are using Zope to publish some air quality data for our part of the world. We have written a number of simple Zope python scripts and external methods to access the air quality data.

I have to confess we are all relative newbies when it comes to Zope and Python. One of the things I need to check is what level of script hardening and security measures do we need to take. We have a bit more experience with perl CGI scripts and have done standard hardening such as filtering out metacharacters etc. Do we need to take similar measures with Zope python scripting? What other security measures do we need to take?

All hints and suggestions on practical security measures are gratefully appreciated.

Cheers
Adrian

--
=======================================================================
Adrian Blockley (adrian.blockley@environ.wa.gov.au)
Western Australian Department of Environment Water and Catchment Protection
Address: Department of Environment Water and Catchment Protection, 141 St Georges Tce, Perth WA 6000
Ph: +61 8 9222 7165 Fax: +61 8 9321 5184
=======================================================================
DISCLAIMER: This e-mail is confidential to the addressee. If you are not the addressee, please notify the Department by return e-mail and delete the message from your system. You must not disclose or use the information contained in this email in any way. Thank you.
The guidelines for web scripts are the same as they *should be* for any other software that handles input from users: never ever trust the input if it comes in from a human interaction. Look at your code where it handles this human input and think about what malformed input could do, such as overly long input or input that might contain illegal characters etc.

jens

On Tuesday, June 18, 2002, at 04:21, Adrian Blockley wrote:
Hi All,
We are using Zope to publish some air quality data for our part of the world. We have written a number of simple Zope python scripts and external methods to access the air quality data.
I have to confess we are all relative newbies when it comes to Zope and Python. One of the things I need to check is what level of script hardening and security measures do we need to take. We have a bit more experience with perl CGI scripts and have done standard hardening such as filtering out metacharacters etc. Do we need to take similar measures with Zope python scripting? What other security measures do we need to take?
All hints and suggestions on practical security measures are gratefully appreciated.
Cheers
Adrian
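The approach Jens describes, as an added example that is not from the thread: instead of filtering out metacharacters (the Perl CGI habit Adrian mentions), a Zope Python Script or external method can allow-list the exact shape of each request value it expects and reject everything else, including overly long input and impossible calendar dates. The parameter names `station` and `date`, the station-code format and the length limit are assumptions for illustration.

```python
# Added example, not code from the thread.  Allow-list validation of two
# request parameters an air-quality script might read from REQUEST.form.
# The parameter names, station-code format and limits are assumptions.
import re
from datetime import date

MAX_LEN = 32                                  # reject oversized input early
STATION_RE = re.compile(r"^[A-Z0-9_]{1,16}$")  # what IS allowed, not what is banned
DATE_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})$")


class BadInput(ValueError):
    """Raised for any request value that fails validation."""


def validate_station(value):
    """Return the normalised station code, or raise BadInput."""
    if not isinstance(value, str) or len(value) > MAX_LEN:
        raise BadInput("station: wrong type or too long")
    value = value.strip().upper()
    if not STATION_RE.match(value):
        raise BadInput("station: characters outside [A-Z0-9_]")
    return value


def validate_date(value):
    """Return a datetime.date for a 'YYYY-MM-DD' string, or raise BadInput."""
    if not isinstance(value, str) or len(value) > MAX_LEN:
        raise BadInput("date: wrong type or too long")
    m = DATE_RE.match(value.strip())
    if not m:
        raise BadInput("date: not YYYY-MM-DD")
    try:
        return date(*(int(g) for g in m.groups()))
    except ValueError:  # well-formed but impossible, e.g. 2002-13-01
        raise BadInput("date: not a real calendar date") from None


def parse_query(form):
    """Validate a REQUEST.form-like dict; return (station, date) or raise."""
    return validate_station(form.get("station", "")), validate_date(form.get("date", ""))


def is_valid_query(form):
    """Convenience wrapper: True if parse_query accepts the form, else False."""
    try:
        parse_query(form)
    except BadInput:
        return False
    return True


if __name__ == "__main__":
    print(parse_query({"station": "perth01", "date": "2002-06-18"}))
    for bad in ({"station": "perth01;x", "date": "2002-06-18"},   # illegal character
                {"station": "PERTH01", "date": "2002-13-01"},     # impossible date
                {"station": "A" * 500, "date": "2002-06-18"}):    # overly long
        print("rejected:", is_valid_query(bad))
```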
Adrian Blockley writes:
We are using Zope to publish some air quality data for our part of the world. We have written a number of simple Zope python scripts and external methods to access the air quality data.
I have to confess we are all relative newbies when it comes to Zope and Python. One of the things I need to check is what level of script hardening and security measures do we need to take. We have a bit more experience with perl CGI scripts and have done standard hardening such as filtering out metacharacters etc. Do we need to take similar measures with Zope python scripting? What other security measures do we need to take?

Chris Withers has a Strip-O-Gram module that might help you to sanitize user input.
Dieter