I am writing a web application using bottle.py, Beaker for sessions and a custom AAA module, and, like many people, I am concerned about security and the best way to prevent targeted attacks like the ones I mentioned.
For example, I have the following code:

    from bottle import route, request

    # aaa and sql are the application's own modules (authentication,
    # authorisation, accounting and the database layer respectively)
    import aaa
    import sql

    @route('/manage/adddomain', method='POST')
    def adddomain():
        # This checks if user has enough power to create a domain
        aaa.require(50, '/forbidden')
        user = aaa.getusername()  # This is retrieved from a server side session
        domainname = request.forms.get('domain')
        description = request.forms.get('description')
        # Additional checks are performed in the sql module
        # to protect against forged requests with valid login
        return sql.createdomain(user, domainname, description)
What additional checks would you perform to protect your web application?
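One concrete check for the "forged request with a valid login" case asked about above, as an added example that is not code from the question, from Bottle or from Beaker: a per-session anti-CSRF token kept in the server-side Beaker session and compared in constant time against a hidden form field on every state-changing POST. The `csrf_protect` decorator, the `csrf_token` field name and the wiring shown in its docstring are hypothetical; `request.environ['beaker.session']` is Beaker's default environ key.

```python
import functools
import hmac
import secrets

# Key under which the anti-CSRF token is stored in the server-side session.
SESSION_KEY = "_csrf_token"


def issue_csrf_token(session):
    """Return this session's CSRF token, creating one on first use.

    `session` is any dict-like object; with Beaker it is
    request.environ['beaker.session'], which persists only after save().
    Render the returned value into a hidden <input name="csrf_token"> field.
    """
    token = session.get(SESSION_KEY)
    if not token:
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
        session[SESSION_KEY] = token
        if hasattr(session, "save"):        # Beaker session objects need save()
            session.save()
    return token


def csrf_token_is_valid(session, submitted):
    """True only if the submitted token matches the one bound to the session."""
    expected = session.get(SESSION_KEY)
    if not expected or not submitted:
        return False                        # no token issued yet, or none sent
    # Constant-time comparison so the check does not leak the token via timing.
    return hmac.compare_digest(expected, submitted)


def csrf_protect(get_session, get_submitted_token, on_failure):
    """Decorator factory for state-changing handlers (hypothetical helper).

    The callables are evaluated per request, so Bottle's thread-local
    `request` can be used, e.g.:
        csrf_required = csrf_protect(
            lambda: request.environ['beaker.session'],
            lambda: request.forms.get('csrf_token'),
            lambda: abort(403, 'invalid CSRF token'))
    and then stacked under @route(...) on adddomain().
    """
    def decorator(view):
        @functools.wraps(view)
        def wrapper(*args, **kwargs):
            if not csrf_token_is_valid(get_session(), get_submitted_token()):
                return on_failure()         # reject before touching sql.createdomain
            return view(*args, **kwargs)
        return wrapper
    return decorator
```

The token only defends against cross-site forgery; the authorisation question of whether `user` may create this particular domain still belongs in the sql/aaa layer as the question already does.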