Didar Hossain wrote:
> Hi,
>
> This is a little off-topic, but, I thought I might put this question in.
>
> Since I am learning Python, I was wondering if there are any good
> references on secure coding practices. Books, guides or even any howtos
> would suffice.
>
> Security seems to be almost always an after-thought rather than being
> ingrained into any course that I have come across including the ones
> that they have in college degrees.
>
> If this question is inappropriate for this list then please let me know
> and accept my apologies (EAFP) ;-)
Common tips for python:

1. Don't trust the user! Any data from raw_input() (py2.x) or input() (py3.x), etc. must be validated.
2. Don't trust files! Data coming from open(), urlopen(), etc. must go through the same rigorous process as user input.
3. Use extreme caution when dynamically generating code. This includes python's built-in eval/exec, SQL statements, shell calls, etc. Prefer APIs.
4. In some cases, don't trust the environment! A malicious user or virus could attach themselves to the OS's stdin/stdout/file read/write/shell. (Don't take this seriously; a program with no input and no output is a waste of space and time.)
5. In extreme situations, don't even trust external modules or even the standard library.
6. And finally, in any case, don't assume that Guido doesn't have a hidden agenda.

_______________________________________________
Tutor maillist - Tutor@python.org
To unsubscribe or change subscription options: http://mail.python.org/mailman/listinfo/tutor
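A worked example to go with tips 1 to 3 above, added here as an illustration; it is not code from the original thread or from either poster. It is Python 3 and uses only the standard library (ast, re, sqlite3, subprocess). For each tip it puts the pattern that trusts untrusted text next to the API that does not: an allow-list regex for input, ast.literal_eval instead of eval, a bound SQL parameter instead of string formatting, and an argv list instead of shell=True. The usernames, the in-memory users table and the injection strings are constructed for the demonstration; the shell part assumes a POSIX /bin/sh and an echo command on PATH.

```python
import ast
import re
import sqlite3
import subprocess

# Tips 1 and 2: validate untrusted text against an explicit allow-list
# before it reaches anything that interprets it (SQL, shell, eval, ...).
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def is_valid_username(raw):
    """True only if raw is 1-32 characters of [A-Za-z0-9_]; anything else is rejected."""
    return USERNAME_RE.fullmatch(raw) is not None


# Tip 3a: eval() executes arbitrary code; ast.literal_eval() only builds
# Python literals (numbers, strings, lists, dicts, ...) and refuses calls.
def parse_unsafe(text):
    # Deliberately unsafe: attacker-controlled text becomes attacker-controlled code.
    return eval(text)


def parse_safe(text):
    return ast.literal_eval(text)


def literal_eval_rejects(text):
    """True if ast.literal_eval refuses the text, i.e. it is not a plain literal."""
    try:
        ast.literal_eval(text)
    except (ValueError, SyntaxError):
        return True
    return False


# Tip 3b: SQL built by string formatting vs a parameterized query.
def make_db():
    """Constructed in-memory sqlite3 database with two sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn


def lookup_role_unsafe(conn, name):
    # Deliberately vulnerable: the name is pasted into the SQL text, so a
    # quote in it changes the query's structure.
    query = "SELECT role FROM users WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(query)]


def lookup_role_safe(conn, name):
    # The driver sends name as a bound value; it can never become SQL syntax.
    return [row[0] for row in conn.execute(
        "SELECT role FROM users WHERE name = ?", (name,))]


# Tip 3c: shell calls. shell=True hands the whole string to /bin/sh, which
# interprets ';', '|', '$(...)' etc.; an argv list passes the text as one
# literal argument and no shell is involved.
def echo_unsafe(text):
    # Deliberately vulnerable; assumes a POSIX /bin/sh with an echo builtin.
    return subprocess.run("echo " + text, shell=True,
                          capture_output=True, text=True).stdout


def echo_safe(text):
    # Assumes an echo executable on PATH.
    return subprocess.run(["echo", text],
                          capture_output=True, text=True).stdout


if __name__ == "__main__":
    payload = "x; echo pwned"          # constructed shell-injection input
    print(repr(echo_unsafe(payload)))  # 'x\npwned\n': the shell ran a second command
    print(repr(echo_safe(payload)))    # 'x; echo pwned\n': one literal argument
    db = make_db()
    print(lookup_role_unsafe(db, "' OR '1'='1"))  # ['admin', 'user']: every row leaks
    print(lookup_role_safe(db, "' OR '1'='1"))    # []: no user has that literal name
```

The point the block makes is that the "safe" variants are not the result of escaping or blacklisting characters; they use an API (literal_eval, bound parameters, argv lists) where untrusted data structurally cannot be confused with code, which is what "Prefer APIs" in tip 3 means in practice.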