[Toolserver-l] Python cgi safety issues

MZMcBride z at mzmcbride.com
Tue Jun 21 15:44:17 UTC 2011


Alex Brollo wrote:
> I know python much better than PHP, so I feel reasonably comfortable
> with the cgi python module dealing with simple tests of html queries. In the
> meantime, I'm worried about possible safety issues, so what is your suggestion
> to fix any coding/setting mistake? Do I have to publish my code here, or on the
> toolserver wiki? As you can guess, I'm not so deep into such issues.

It's a bit unclear what you mean by safety issues. I'll assume you mean XSS
vulnerabilities, SQL injection, etc.

It's rather simple, really: sanitize all input and all output. If you do
that, it doesn't really matter how bad or ugly the HTML or CSS is.

You can read <https://wiki.toolserver.org/view/Tool_considerations#Security>
which has a bit more information about tool security.

As you're working in PHP, you might also find
<http://www.mediawiki.org/wiki/Security_for_developers> useful, though it's
obviously targeted primarily at MediaWiki development.

You should set a default license for your tools/scripts using "setlicense"
and then you can specify licenses for individual tool/scripts as necessary.
There's a general expectation that the tools and scripts that you write will
be released under a free/open source license, but I'm not sure if that's an
actual requirement ("must") or simply an expectation ("should").

If you have specific questions, feel free to ask on this list or IRC.

MZMcBride
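One way to put the "sanitize all input and all output" advice into practice for a Python CGI-style tool, as an added example that is not code from the original thread: the vulnerable query builder sits next to its parameterized form, and every dynamic value is HTML-escaped on the way out. It assumes a constructed in-memory sqlite table and uses the stdlib parse_qs in place of the cgi module's form parsing.

```python
import html
import sqlite3
from urllib.parse import parse_qs


def make_db():
    # Constructed sample data (not from the original post): a tiny in-memory
    # table standing in for a tool's database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, edits INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("Alice", 120), ("Bob", 7)])
    return conn


def lookup_unsafe(conn, name):
    # Vulnerable: the user-supplied value is pasted into the SQL text, so a
    # quote character in the input changes the query itself (SQL injection).
    return conn.execute(
        "SELECT name, edits FROM users WHERE name = '%s'" % name).fetchall()


def lookup_safe(conn, name):
    # Hardened: the value travels as a bound parameter and is never parsed
    # as SQL, whatever characters it contains.
    return conn.execute(
        "SELECT name, edits FROM users WHERE name = ?", (name,)).fetchall()


def render(rows, query):
    # Escape every dynamic value before it lands in HTML; the reflected
    # search term is exactly where an XSS payload would otherwise execute.
    items = "".join("<li>%s: %d</li>" % (html.escape(n), e) for n, e in rows)
    return ("<p>Results for <b>%s</b></p><ul>%s</ul>"
            % (html.escape(query, quote=True), items))


def handle(query_string, conn):
    # parse_qs is the stdlib replacement for cgi.FieldStorage form parsing
    # (the cgi module is deprecated and removed in recent Python versions).
    params = parse_qs(query_string, keep_blank_values=True)
    name = params.get("name", [""])[0]
    return render(lookup_safe(conn, name), name)
```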
