Web2py - Security
  • Date: 2024-12-22


In the previous chapters, there was complete information on the implementation of web2py with various tools. The major concern when developing web2py applications is security from the user's perspective.

The unique features of web2py are as follows −

    Users can learn the implementation easily. It requires no installation and has no dependencies.

    It has been stable since the day of its launch.

    web2py is lightweight and includes libraries for the Data Abstraction Layer and the template language.

    It works with the help of the Web Server Gateway Interface (WSGI), which handles communication between web servers and applications.

The Open Web Application Security Project (OWASP) is a community which lists the security breaches of web applications.

Security Breaches

With respect to OWASP, the issues related to web applications and how web2py overcomes them are discussed below.

Cross Site Scripting

It is also known as XSS. It occurs whenever an application takes user-supplied data and sends it to the user's browser without encoding or validating the content. Attackers execute scripts to inject worms and viruses using cross-site scripting.

web2py helps in preventing XSS by escaping all the rendered variables in the View.
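To make that escape-by-default rule concrete, here is an added example that is not web2py's own code: a tiny template renderer that HTML-escapes every substituted variable unless the developer explicitly wraps the value as trusted markup. The `XML` wrapper, `escape_value` and `render` names are my own (web2py's real `XML()` helper plays the same role), and the `{{=name}}` placeholder syntax is assumed to mirror the view syntax.

```python
import html
import re


class XML:
    """Marker for content the developer vouches for as safe markup.

    Hypothetical stand-in for web2py's XML() helper: anything NOT wrapped
    in it is escaped, so raw HTML is an explicit opt-in, never the default.
    """

    def __init__(self, text):
        self.text = str(text)


def escape_value(value):
    """Return the text to emit for one rendered variable."""
    if isinstance(value, XML):
        return value.text            # trusted markup: emitted verbatim
    # Default path: neutralise <, >, &, " and ' so user data cannot
    # break out of the surrounding tag or attribute.
    return html.escape(str(value), quote=True)


# Matches view placeholders such as {{=name}} (assumed syntax).
_PLACEHOLDER = re.compile(r"\{\{=\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")


def render(template, context):
    """Substitute every placeholder, escaping each value by default."""
    def substitute(match):
        return escape_value(context[match.group(1)])
    return _PLACEHOLDER.sub(substitute, template)


if __name__ == "__main__":
    # Constructed sample input resembling a reflected-XSS probe.
    untrusted = "<script>alert(1)</script>"
    print(render("<p>Hello {{=name}}</p>", {"name": untrusted}))
    # Same payload, only emitted raw because the developer opted in.
    print(render("<p>{{=body}}</p>", {"body": XML("<b>bold</b>")}))
```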

Information Leakage

Sometimes, applications leak information about their internal workings, privacy and configuration. Attackers use this to reach sensitive data, which could lead to serious attacks.

web2py prevents this with its ticketing system. It logs all errors and issues a ticket to the user whose error was registered. The error details are accessible only to the administrator.

Broken Authentication

Account credentials are often not protected. Attackers compromise passwords and authentication tokens to steal users' identities.

web2py provides a mechanism for the administrative interface. It also forces the use of secure sessions when the client is not "localhost".

Insecure Communications

Sometimes applications fail to encrypt the network traffic. It is necessary to manage traffic in order to protect sensitive communications.

web2py provides SSL-enabled certificates to encrypt communications. This also helps to keep sensitive communication protected.

Restriction in URL Access

Web applications normally protect sensitive functionality by not displaying the links and URLs to some users. Attackers can try to reach sensitive data by manipulating the URL with extra information.

In web2py, a URL maps to modules and functions rather than to a given file. It also includes a mechanism that specifies which functions are public and which are kept private. This helps in resolving the issue.
