Sunday, 1 January 2017

python - Sanitizing arbitrary user input

I'm working on a web service that accepts STL files, does some simple processing on them (count facets, calculate total volume, etc) and returns some stats to users. There's no database or persistence planned (although that might be added at some point in the future.) Users can either upload files or point to a URL.

What should I be thinking about in order to sanitize user input and secure the Tornado server?

  • I'm using the templating system which auto-escapes html.

  • I can also implement logic that checks that input "looks like" valid STL format as I parse it: binary STL is just floats; I also know what the format for ASCII STL looks like.

  • I've done a bit of initial research including:

Am I missing anything obvious?
