Re: [Tutor] [OT] Secure coding guidelines

2009-10-13 Thread Kent Johnson
On Tue, Oct 13, 2009 at 11:49 AM, Serdar Tumgoren wrote: >> In reference to this tip,  my question is why? > >> - don't use string formatting to create SQL statements - use the >> two-argument form of execute() to pass args as a sequence >> > > SQL injection is the primary reason: > > http://en.wi

Re: [Tutor] [OT] Secure coding guidelines

2009-10-13 Thread Serdar Tumgoren
> In reference to this tip,  my question is why? > - don't use string formatting to create SQL statements - use the > two-argument form of execute() to pass args as a sequence > SQL injection is the primary reason: http://en.wikipedia.org/wiki/SQL_injection If you are going to "manually" hit a

Re: [Tutor] [OT] Secure coding guidelines

2009-10-13 Thread Weidner, Ronald
idner=ea@python.org] On Behalf Of Kent Johnson Sent: Saturday, October 10, 2009 8:52 PM To: Didar Hossain Cc: tutor@python.org Subject: Re: [Tutor] [OT] Secure coding guidelines On Sat, Oct 10, 2009 at 5:31 AM, Didar Hossain wrote: > Hi, > > This is a little off-topic, but, I thought I

Re: [Tutor] [OT] Secure coding guidelines

2009-10-11 Thread Lie Ryan
Didar Hossain wrote: > Hi, > > This is a little off-topic, but, I thought I might put this question in. > > Since I am learning Python, I was wondering if there are any good > references on secure > coding practices. Books, guides or even any howtos would suffice. > > Security seems to be almost

Re: [Tutor] [OT] Secure coding guidelines

2009-10-10 Thread Kent Johnson
On Sat, Oct 10, 2009 at 5:31 AM, Didar Hossain wrote: > Hi, > > This is a little off-topic, but, I thought I might put this question in. > > Since I am learning Python, I was wondering if there are any good > references on secure > coding practices. Books, guides or even any howtos would suffice.

Re: [Tutor] [OT] Secure coding guidelines

2009-10-10 Thread Alan Gauld
"Wayne" wrote Data validation is also a good thing: I agree with this bit but... def mysum(n1, n2): try: n1 = int(n1) n2 = int(n2) except ValueError: print "Error! Cannot convert values to int!" return n1+n2 Or do something similar. In a dynamic language

Re: [Tutor] [OT] Secure coding guidelines

2009-10-10 Thread Wayne
On Sat, Oct 10, 2009 at 4:31 AM, Didar Hossain wrote: > Since I am learning Python, I was wondering if there are any good > references on secure > coding practices. Books, guides or even any howtos would suffice. > I'm not sure of any references, but I know of a few things. First, for versions <

[Tutor] [OT] Secure coding guidelines

2009-10-10 Thread Didar Hossain
Hi, This is a little off-topic, but, I thought I might put this question in. Since I am learning Python, I was wondering if there are any good references on secure coding practices. Books, guides or even any howtos would suffice. Security seems to be almost always an after-thought rather than bei