Python, Web 보안 (기초)
1. SQL Injection
- string format 쿼리
: 사용자의 조작된 입력값으로 공격을 받게 되는 부분을 차단
cur = db.cursor()
query = "SELECT * FROM user_table where user = %s" % user_id
c.execute(query)
2. XSS ( Cross-site Scripting )
- html코드를 string format를 통해서 escape처리
: 의도하지 않는 사용자의 조작된 코드를 방지
return "<'h1>hello, %s! <'/h1>" % user
3. XRF( Cross-site request forgery )
- flask패키지를 통해서 입력폼을 검증
<form method="POST" action="/"> {{ form.csrf_token }} {{ form.name.label }} {{ form.name(size=20) }} <input type="submit" value="Go"> </form>
* 참조
https://swalloow.github.io/flask-security , python
https://www.google.co.id/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&cad=rja&uact=8&ved=0ahUKEwiTvfvjh-_UAhUDp48KHdanCqcQFggzMAI&url=https%3A%2F%2Fwww.cs.utexas.edu%2F~shmat%2Fcourses%2Fcs380s_fall09%2F10webappsecurity.ppt&usg=AFQjCNGMlgsoxIp_n-fNUf_Y_XrWg6Inig , Security of Web Applications
http://flask.pocoo.org/docs/0.12/security/, flask
http://nisam.tistory.com/8 , PHP
'Web Tech. > Python' 카테고리의 다른 글
| Python Lists 강좌 ( 원문, google.com ) (0) | 2017.07.05 |
|---|---|
| Python 예제 (0) | 2017.07.04 |
| vagrant up, Authentication failure. Retrying 발생시 (0) | 2017.05.16 |
| 빅데이타와 Python (0) | 2017.02.07 |
| Eclipse(이클립스), Python Editor 설치 (0) | 2016.11.16 |
StartGuide
I want to share the basic to programming of each category and how to solve the error. This basic instruction can be extended further. And I have been worked in southeast Asia more than 3 years. And I want to have the chance to work another country.