[Zope] Scripts, external methods and security
Jens Vagelpohl
jens@zope.com
Tue, 18 Jun 2002 07:50:07 -0400

the guidelines for web scripts are the same as they *should be* for any
other software that handles input from users: never ever trust the input if
it comes in from a human interaction.

look at your code where it handles this human input and think about what
malformed input could do, such as overly long input or input that might
contain illegal characters etc.

jens

On Tuesday, June 18, 2002, at 04:21, Adrian Blockley wrote:
> Hi All,
>
> We are using Zope to publish some air quality data for our part of the
> world. We have written a number of simple Zope python scripts and
> external methods to access the air quality data.
>
> I have to confess we are all relative newbies when it comes to Zope and
> Python. One of the things I need to check is what level of script
> hardening and security measures do we need to take. We have a bit more
> experience with perl CGI scripts and have done standard hardening such
> as filtering out metacharacters etc. Do we need to take similar
> measures with Zope python scripting? What other security measures do we
> need to take?
>
> All hints and suggestions on practical security measures are gratefully
> appreciated.
>
> Cheers
>
> Adrian
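
The advice in the reply above (cap the length, reject illegal characters, never trust the value), sketched as an added example that is not part of the original thread or of Zope itself. It assumes a hypothetical air-quality query taking a `station` and a `day` field; the function names, field names and station list are constructed for illustration.

```python
import re
from datetime import date, datetime

MAX_LEN = 32                                      # length cap, checked before any parsing
STATION_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")   # allowlist of legal characters
KNOWN_STATIONS = {"north", "south", "harbour"}    # constructed sample identifiers


class BadInput(ValueError):
    """Raised when a request value fails validation."""


def clean_station(raw):
    # Reject non-strings (missing or repeated field) and overly long input first.
    if not isinstance(raw, str) or len(raw) > MAX_LEN:
        raise BadInput("station: wrong type or too long")
    # Allowlist the characters instead of trying to strip metacharacters.
    if not STATION_RE.fullmatch(raw):
        raise BadInput("station: illegal characters")
    station = raw.lower()
    # Map onto a known value so the raw string never reaches a file path or query.
    if station not in KNOWN_STATIONS:
        raise BadInput("station: unknown")
    return station


def clean_day(raw):
    if not isinstance(raw, str) or len(raw) != 10:
        raise BadInput("day: expected YYYY-MM-DD")
    try:
        day = datetime.strptime(raw, "%Y-%m-%d").date()
    except ValueError:
        raise BadInput("day: not a valid date")
    if day > date.today():
        raise BadInput("day: in the future")
    return day


def validate_query(form):
    """Return (station, day) from a dict of request values, or raise BadInput."""
    return clean_station(form.get("station")), clean_day(form.get("day"))
```

Only the values returned by `validate_query` should be passed on to the code that reads the data; the raw request values are discarded.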