On Mon, 2009-03-23 at 12:31 -0700, Bobby Roberts wrote:
[...]
> I thought I read that there was a way to chk data for sql query
> injections / cross site scripting etc before insertion
The whole thing about SQL injections is that there is no way to 100%
reliably "check for them". So you don't
I'm not sure how django has built its sql injection protection, but I
would guess that when you e.g. do model.save() or form.save()
the functions actually making the sql to the db make sure
that there are no injections by making place holders for data etc.
XSS is something I do know how it works,
> Cleaning data is not in place as a security measure, but rather to
> help you validate the data. That means that you can check the data
> and find out if it fills your requirements. If you have a text field
> and want users to type in a serial number, you probably need some
> custom validation
Hi
I'll try to help answer your 3 Qs
> 1. what does cleaning actually do... prevent sql query injections?
> Anything else?
Cleaning data is not in place as a security measure, but rather to
help you validate the data. That means that you can check the data
and find out if it fills your requirements.
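The two points made in this thread, that injection protection comes from the database layer using placeholders rather than from "checking" input, and that cleaning is validation of your own requirements (e.g. a serial-number format), can be shown side by side. The following is an added example, not code from this thread or from Django itself; it uses the standard-library sqlite3 module to stand in for what the ORM's query layer does, and the serial-number format `XX-0000-0000` and the `clean_serial` function are assumptions made up for the illustration.

```python
import re
import sqlite3


def make_db():
    # Constructed in-memory table with two sample rows (not real data).
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE device (id INTEGER PRIMARY KEY, serial TEXT, owner TEXT)"
    )
    conn.executemany(
        "INSERT INTO device (serial, owner) VALUES (?, ?)",
        [("AB-1234-5678", "alice"), ("CD-9999-0001", "bob")],
    )
    conn.commit()
    return conn


def find_owner_unsafe(conn, serial):
    # The 'before' form: the value is pasted into the SQL text, so the
    # input can change the shape of the query. No amount of "checking"
    # makes this reliably safe.
    sql = "SELECT owner FROM device WHERE serial = '%s'" % serial
    return sorted(row[0] for row in conn.execute(sql))


def find_owner(conn, serial):
    # The placeholder form the thread describes: the driver sends the value
    # separately from the query text, so it is only ever compared as data.
    rows = conn.execute(
        "SELECT owner FROM device WHERE serial = ?", (serial,)
    )
    return sorted(row[0] for row in rows)


# Hypothetical serial-number format used for the validation example.
SERIAL_RE = re.compile(r"^[A-Z]{2}-\d{4}-\d{4}$")


class ValidationError(ValueError):
    """Raised when a value does not meet the form's requirements."""


def clean_serial(value):
    # Plays the role of a form's clean_<field>() method: normalise the
    # value and reject anything that does not fit *our* requirements.
    # This is about data quality; it is not what stops SQL injection.
    value = value.strip().upper()
    if not SERIAL_RE.match(value):
        raise ValidationError("Enter a serial number in the form XX-0000-0000.")
    return value


def lookup(conn, raw_value):
    # Typical flow: validate first (so bad input gets a useful error),
    # then query with a placeholder (so the database layer stays safe
    # regardless of what validation let through).
    serial = clean_serial(raw_value)
    return find_owner(conn, serial)


if __name__ == "__main__":
    db = make_db()
    tampered = "' OR '1'='1"
    print("unsafe:", find_owner_unsafe(db, tampered))  # returns every owner
    print("placeholder:", find_owner(db, tampered))    # returns nothing
    print("validated lookup:", lookup(db, " ab-1234-5678 "))
    try:
        lookup(db, tampered)
    except ValidationError as exc:
        print("rejected by clean_serial:", exc)
```

Run it directly to see the difference: the string-formatted query matches every row when given the tampered value, the placeholder query matches none, and `clean_serial` rejects the same value before it reaches the database at all, for the unrelated reason that it is not a well-formed serial number.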