[Zope] Scripts, external methods and security
Adrian Blockley
blockley@environ.wa.gov.au
Tue, 18 Jun 2002 16:21:57 +0800
Hi All,
We are using Zope to publish some air quality data for our part of the
world. We have written a number of simple Zope python scripts and
external methods to access the air quality data.
I have to confess we are all relative newbies when it comes to Zope and
Python. One of the things I need to check is what level of script
hardening and security measures do we need to take. We have a bit more
experience with perl CGI scripts and have done standard hardening such
as filtering out metacharacters etc. Do we need to take similar
measures with Zope python scripting? What other security measures do we
need to take?
All hints and suggestions on practical security measures are greatfully
appreciated.
Cheers
Adrian
--
=======================================================================
Adrian Blockley (adrian.blockley@environ.wa.gov.au) Western Australian
Department of Environment Water and Catchment Protection
Address:
Department of Environment Water and Catchment Protection
141 St Georges Tce Perth WA 6000
Ph: +61 8 9222 7165
Fax: +61 8 9321 5184
=======================================================================
DISCLAIMER: This e-mail is confidential to the addressee. If you are not the
addressee, please notify the Department by return e-mail and delete the
message from your system. You must not disclose or use the information
contained in this email in any way. Thank you.