HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


Karel 18th November 2007 21:04

Python web programming security
 
Hello,

I'm looking for suggestions about Python security. I have a relatively small webserver, providing "VIP" webhosting (read: not the usual slow server+PHP+MySQL+unlimited traffic except when you really use it) and I need to have an "administration panel". I didn't go for ISPConfig or anything similar; they are overcomplicated and hard to customize for my (customers') needs (e.g. joining svn, Trac, phpBB, email and ftp logins together). My current panel is a bunch of PHP scripts; it 'works' but is very hard to maintain (adding new features is even harder).

Recently, I read through several Python manuals and it seems to me that the language provides exactly what I need. It has less overhead than Java and is 'nicer' (object-oriented, readable) than PHP/Perl. Now, making the administration interface itself is simple, as are several SQL queries to add e.g. ftp users, but the rest of the scripts (I guess 80%) is just checking and sanitizing user input and checking permissions (e.g. whether the current user can edit this domain's emails).

I wasn't able to find any tutorials about preventing SQL injections etc., but I guess there will be a simple function to do that (as I have seen many Python web frameworks). Also, are there any nice tutorials about mod_python sessions? Python seems to have better support for sessions, as you probably can save a whole class instance (I'm not sure about this).

I wonder what I should do...
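
An added example, not part of the post above or of any panel it mentions: the two checks the post asks about (SQL injection and "can this user edit this domain's emails") done with DB-API parameter binding and an ownership lookup. The schema, the function names and the use of the standard-library `sqlite3` module as a stand-in for the panel's real database are assumptions.

```python
import re
import sqlite3

# Hypothetical schema for illustration; the post does not describe the real one.
SCHEMA = """
CREATE TABLE domains (name TEXT PRIMARY KEY, owner TEXT NOT NULL);
CREATE TABLE mailboxes (local TEXT NOT NULL, domain TEXT NOT NULL,
                        PRIMARY KEY (local, domain));
"""

# Allow-list for the mailbox local part: validate shape, do not try to "escape".
LOCAL_PART = re.compile(r"[a-z0-9][a-z0-9._-]{0,63}")


class PermissionDenied(Exception):
    """Raised when the logged-in user does not own the target domain."""


def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Constructed sample data.
    db.executemany("INSERT INTO domains VALUES (?, ?)",
                   [("example.org", "alice"), ("example.net", "bob")])
    return db


def user_owns_domain(db, user, domain):
    # Values travel as bound parameters, never via string formatting,
    # so quotes in `domain` or `user` cannot change the query structure.
    row = db.execute("SELECT 1 FROM domains WHERE name = ? AND owner = ?",
                     (domain, user)).fetchone()
    return row is not None


def add_mailbox(db, user, local, domain):
    if not LOCAL_PART.fullmatch(local):
        raise ValueError("invalid mailbox name")
    # Authorization is checked server-side on every request, using the
    # session's user name, not anything supplied in the form.
    if not user_owns_domain(db, user, domain):
        raise PermissionDenied(f"{user} may not edit {domain}")
    with db:  # commits on success, rolls back on exception
        db.execute("INSERT INTO mailboxes (local, domain) VALUES (?, ?)",
                   (local, domain))


def mailboxes(db, domain):
    rows = db.execute("SELECT local FROM mailboxes WHERE domain = ? ORDER BY local",
                      (domain,))
    return [r[0] for r in rows]
```

Other DB-API drivers use the same `execute(sql, params)` call but may use a different placeholder style (for example `%s`); the driver's `paramstyle` attribute says which.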


All times are GMT +2. The time now is 13:30.
