Chapter 22.3. Avoiding Common Security Pitfalls

There are three common security problems in web applications: buffer overruns, Cross-Site Scripting (XSS) attacks, and SQL injection attacks. Because TurboGears applications are written in Python, your potential exposure to buffer overruns is minimal.

That leaves XSS and SQL injection attacks. XSS is made possible when user input is rendered to HTML without being escaped. Fortunately, Kid escapes everything you insert into your template automatically. As a result, the only time you need to think about XSS attacks is when you are using Kid’s XML function to bypass that escaping.

In addition, SQLObject automatically escapes any strings you pass into it; so, unless you are constructing SQL by hand, ...
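The two pitfalls above, as an added example that is not from the book or from Kid/SQLObject: it uses only the Python standard library (`html.escape` standing in for Kid's automatic escaping, a raw f-string standing in for the XML() bypass, and `sqlite3` parameter binding standing in for SQLObject's escaping) on constructed sample input.

```python
"""Added example: escaped vs. unescaped HTML rendering, and
parameterised vs. hand-built SQL. Standard library only."""
import html
import sqlite3

# Constructed hostile input: user-supplied text that contains markup.
USER_INPUT = "<script>alert(1)</script>"


def render_escaped(value: str) -> str:
    """What the template engine does by default: escape, then insert."""
    return f"<p>{html.escape(value)}</p>"


def render_raw(value: str) -> str:
    """What bypassing escaping amounts to: the markup passes straight through."""
    return f"<p>{value}</p>"


def contains_live_script(rendered: str) -> bool:
    """Crude detection check: is there still a real <script> tag in the output?"""
    return "<script" in rendered.lower()


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table with two sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return conn


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    """Parameter binding: the driver escapes the value, as SQLObject does for you."""
    cur = conn.execute("SELECT id FROM users WHERE name = ?", (name,))
    return [row[0] for row in cur.fetchall()]


def find_user_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """Hand-built SQL: the one case the text says you must handle yourself."""
    cur = conn.execute(f"SELECT id FROM users WHERE name = '{name}'")
    return [row[0] for row in cur.fetchall()]


if __name__ == "__main__":
    print(render_escaped(USER_INPUT))   # markup neutralised
    print(render_raw(USER_INPUT))       # markup delivered to the browser
    db = make_db()
    print(find_user_safe(db, "' OR '1'='1"))    # [] : treated as a literal name
    print(find_user_unsafe(db, "' OR '1'='1"))  # [1, 2] : condition rewritten
```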
