Learning Website Development with Django

A Word on Security

At the beginning of this chapter, we designed a web form that accepts user input, stores it in the database and presents it to the visitors of the site. Since our application will be open to the public, anyone can register and submit whatever data they want. Therefore, we need to take certain precautions to handle the situation in which malicious data is supplied.

The golden rule in web development is "Do not trust user input, ever." You must always validate and sanitize user input before saving it to the database, and before presenting it in HTML pages. In this section, we will discuss how to achieve this, and how to avoid two common vulnerabilities in web applications.

SQL Injection

One of the most common attacks on web applications is SQL injection, in which the attacker manipulates the SQL queries the application runs in order to read data or store malicious data in the database. SQL injection vulnerabilities happen when the developer uses input to construct SQL queries...
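The following example is added here to illustrate the point above; it is not code from the book. It uses Python's built-in sqlite3 module rather than Django so that it runs stand-alone, with a small constructed `bookmark` table. `find_titles_unsafe` pastes user input straight into the SQL text, which is the pattern the paragraph warns about; `find_titles_safe` hands the value to the driver as a bound parameter, which is what Django's ORM (`Model.objects.filter(...)`) and `cursor.execute(sql, params)` do for you.

```python
import sqlite3

# Constructed sample rows for the demonstration (not from the book).
SAMPLE_BOOKMARKS = [
    ("alice", "Django docs", "https://docs.djangoproject.com/"),
    ("bob", "Python", "https://www.python.org/"),
]


def make_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE bookmark (owner TEXT, title TEXT, url TEXT)")
    conn.executemany("INSERT INTO bookmark VALUES (?, ?, ?)", SAMPLE_BOOKMARKS)
    conn.commit()
    return conn


def find_titles_unsafe(conn, owner):
    """VULNERABLE: the caller-supplied value becomes part of the SQL text,
    so quotes in it change the structure of the query."""
    sql = "SELECT title FROM bookmark WHERE owner = '%s' ORDER BY title" % owner
    return [row[0] for row in conn.execute(sql)]


def find_titles_safe(conn, owner):
    """SAFE: the value is bound as a parameter; the driver never interprets
    it as SQL, so it can only ever match a literal owner name."""
    sql = "SELECT title FROM bookmark WHERE owner = ? ORDER BY title"
    return [row[0] for row in conn.execute(sql, (owner,))]


def raises_sql_error(conn, owner):
    """True if the unsafe query fails outright for this input. An ordinary
    name containing an apostrophe is enough to break it."""
    try:
        find_titles_unsafe(conn, owner)
    except sqlite3.OperationalError:
        return True
    return False


def demo():
    """Compare both functions on a normal value and on a crafted one."""
    conn = make_db()
    crafted = "x' OR 'a'='a"   # constructed input that alters the WHERE clause
    return {
        "unsafe_normal": find_titles_unsafe(conn, "alice"),
        "safe_normal": find_titles_safe(conn, "alice"),
        # The unsafe query now reads ... WHERE owner = 'x' OR 'a'='a' and
        # returns every owner's rows; the safe one matches nothing.
        "unsafe_crafted": find_titles_unsafe(conn, crafted),
        "safe_crafted": find_titles_safe(conn, crafted),
        # Even benign input with a quote breaks string-built SQL.
        "unsafe_breaks_on_apostrophe": raises_sql_error(conn, "o'brien"),
        "safe_apostrophe": find_titles_safe(conn, "o'brien"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The safe version needs no escaping code of its own; the protection comes entirely from keeping data and query text apart. In Django, raw SQL should therefore always go through `cursor.execute(sql, params)` or `Model.objects.raw(sql, params)` with the values passed as parameters, and the ORM's query methods should be preferred wherever they suffice.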