What security issues need to be addressed when working with Google App Engine?

2024/10/1 9:40:48

I've been considering using Google App Engine for a few hobby projects. While they won't be handling any sensitive data, I'd still like to make them relatively secure for a number of reasons, like learning about security, legal, etc.

What security issues need to be addressed when working with Google App Engine?

Are they the same issues that other applications - like applications written in other languages or hosted in other ways - are faced with?

Edit: I did some searching and it looks like I need to sanitize input for XSS and injection. What are other things to consider?

Answer

“Sanitising” input is not the way to avoid query-injection and markup-injection problems. Using the correct form of escaping at the output stage is... or, even better, using a higher-level tool that deals with it for you.

So for preventing query-injection against GQL, use the parameter-binding interface of GqlQuery. For preventing markup-injection against HTML (leading to XSS), use the HTML-escaping feature of whatever templating language you're using. For example, for Django templates, |escape... or, better, {% autoescape on %} so you don't accidentally miss one.

https://en.xdnf.cn/q/70978.html
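The answer's point about escaping at the output stage, shown as an added example that is not part of the original answer: it uses only the Python standard library (no App Engine SDK or Django), a constructed sample string as the stored value, and hypothetical `render_*` helpers standing in for a template's autoescape. The same raw value is stored once and escaped differently for the HTML-body, HTML-attribute and JavaScript-string contexts, while the "sanitise on input" approach destroys legitimate data.

```python
import html
import json

# Constructed sample input: legitimate user text that happens to contain
# characters with meaning in HTML and JavaScript.
USER_INPUT = 'Tom & Jerry: 1 < 2, see <b>this</b>'


def naive_sanitize(text):
    """The 'sanitise on input' approach: strip markup characters as they
    arrive. It destroys legitimate data and cannot know which output
    context the value will later be rendered in."""
    return text.replace('<', '').replace('>', '').replace('&', '')


def store(text):
    """Store the raw value exactly as submitted (stands in for a datastore
    put()); no escaping happens at this stage."""
    return text


def render_html_body(stored):
    """Output stage, HTML element content: entity-escape the significant
    characters (& < > " ')."""
    return '<p>{}</p>'.format(html.escape(stored, quote=True))


def render_html_attr(stored):
    """Output stage, quoted HTML attribute: the same escaper is correct here
    because html.escape also encodes both quote characters."""
    return '<input value="{}">'.format(html.escape(stored, quote=True))


def render_js_string(stored):
    """Output stage, JavaScript string literal inside a <script> block: a
    different context needs a different escaper. json.dumps yields a valid
    JS string literal; '<' is additionally encoded so the literal can never
    contain a closing </script> tag."""
    return 'var name = {};'.format(json.dumps(stored).replace('<', '\\u003c'))


def round_trips_losslessly(text):
    """Output escaping is reversible, so the original data stays intact."""
    return html.unescape(html.escape(text, quote=True)) == text


if __name__ == '__main__':
    stored = store(USER_INPUT)
    print(naive_sanitize(USER_INPUT))   # lossy: 'Tom  Jerry: 1  2, see bthis/b'
    print(render_html_body(stored))
    print(render_html_attr(stored))
    print(render_js_string(stored))
```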
