WP-A: A New URL Shortener

Daniel Wilcox dmw at yubasolutions.com
Thu Mar 17 18:34:42 EDT 2016


+list

Cool thanks, highly recommended to use an ORM to deter easy SQL
injections.  I heard Django mentioned; I'd vouch for that.  BTW you can get
a free (like actually free--don't get me started) certificate for your
server from letsencrypt.org.  I noticed you weren't using HTTPS.

Django would also make it easy to add a user registration system -- once
you register a custom domain I don't see any way to update it.  You could
add stuff like that, usage counts, even the ability to browse other users'
shortened URLs (put that in a privacy policy if you do it).

I noticed also that after creating a test URL the links below to create new
ones were just a link to the current page, FYI.

I don't think changing the way you store the URLs in the sqlite
database will change much regarding injection.  You should avoid crafting
queries by hand or... use this as an exercise to see what you can escape
into a URL that might get unescaped later (with hilarious insecurity for
all).  Then you'll want to either a) learn SQL escaping for your database
of choice *really really well* or b) use an ORM.

Be well,

-D

On Thu, Mar 17, 2016 at 4:46 AM, Vinicius <me at vmesel.com> wrote:

> Hey Daniel,
>
> Thanks for the idea, but in some way it's already working.
> If you go to the New URL (http://wp-a.co/new/) you can define a custom
> hash for the shortened URL.
>
> In its next version the software will count only with .TXT database, so
> it won't be injectful.
>
> Vinicius Mesel
>
> On Mar 16, 2016, at 1:28 AM, Daniel Wilcox <dmw at yubasolutions.com>
> wrote:
>
> I dare say I'm with Rick on this point -- keep it up, go learn stuff, put
> things together and see how they break -- I think it's the best way to get
> a feel for how things fit together and, somewhat inevitably, fall over (when
> the conditions they were designed in no longer apply).
>
> *quick glance at source*
> The raw SQL scares me a bit, there is a lot of escaping that you could add
> to protect from sql injections (at least for mysql, sqlite I'm not sure).
> And since you want to run this on the Internet I highly recommend putting a
> mariadb/mysql database behind it.  Glancing over the Flask documentation
> they seem to suggest SQLAlchemy which sounds like a reasonable choice for
> an ORM.
>
> A neat idea I've seen before that was neat was a semantic shorten-er where
> you could specify the shortened URL to make it easy to remember and
> reference.  A lot of security, aka input sanitation, involved but might be
> fun -- and who knows it could spark a land rush to claim useful short URLs
> like wp-a.co/flask-tips. :)
>
> Speak up if you need any pointers!
>
> Daniel
>
> On Tue, Mar 15, 2016 at 12:56 PM, Vinicius Mesel <me at vmesel.com> wrote:
>
> Hey guys,
>
> I'm a 16 year old Python Programmer that wanted to do something different.
> But, like we know, ideas are quite difficult to find.
> So I decided to develop a URL Shortener to help the Python community out
> and share my coding knowledge, and today the project was launched with its
> first stable version.
> So if you want to see the software working, go check it out at:
> http://wp-a.co/
> Or if you want to see the source code to contribute and help the project:
> https://github.com/vmesel/WP-A.CO
>
> Hugs,
> Vinicius Mesel
> Brazilian and Portuguese Speaker
> http://www.vmesel.com
>
> --
> https://mail.python.org/mailman/listinfo/python-list
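
Added example, not part of the thread and not taken from the WP-A.CO source: the difference between a query crafted by hand and a bound parameter in sqlite3, plus an allow-list check for user-chosen short names. The table layout, function names and slug policy are assumptions made for illustration.

```python
import re
import sqlite3

def make_db():
    # Hypothetical schema for a shortener; one constructed sample row.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE urls (slug TEXT PRIMARY KEY, target TEXT NOT NULL)")
    db.execute("INSERT INTO urls VALUES ('docs', 'https://docs.python.org/')")
    return db

def lookup_by_hand(db, slug):
    # Query crafted by hand: the slug becomes part of the SQL text itself.
    sql = "SELECT target FROM urls WHERE slug = '%s'" % slug
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def lookup_bound(db, slug):
    # Parameter binding: the driver passes the slug as data, never as SQL.
    row = db.execute("SELECT target FROM urls WHERE slug = ?", (slug,)).fetchone()
    return row[0] if row else None

# Allow-list for user-chosen slugs (constructed policy: 3-32 characters).
SLUG_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{2,31}")

def add_custom(db, slug, target):
    """Store a custom short URL; returns False if rejected or already taken."""
    if not SLUG_RE.fullmatch(slug) or not target.startswith(("http://", "https://")):
        return False
    try:
        with db:  # commits on success, rolls back on error
            db.execute("INSERT INTO urls (slug, target) VALUES (?, ?)", (slug, target))
    except sqlite3.IntegrityError:  # slug already claimed
        return False
    return True

def demo():
    db = make_db()
    crafted = "nope' OR '1'='1"  # constructed input; matches no stored slug
    return {
        "by_hand": lookup_by_hand(db, crafted),   # returns a row it should not
        "bound": lookup_bound(db, crafted),       # no match
        "valid": add_custom(db, "flask-tips", "https://example.com/it's-fine"),
        "bad_slug": add_custom(db, crafted, "https://example.com/"),
        "taken": add_custom(db, "docs", "https://example.com/"),
        "stored": lookup_bound(db, "flask-tips"),
    }

if __name__ == "__main__":
    print(demo())
```

The target URL containing an apostrophe is stored and read back unchanged through the bound queries, with no escaping code written by hand.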