[Flask] Flask Extension Development

Gergely Polonkai gergely at polonkai.eu
Wed Jul 5 04:33:04 EDT 2017


I like the idea, although unless I can deliberately hide some views, or
much better, if I can select which routes I want to expose, this is a no-go.

There are routes in some of my apps I definitely don't want to expose, like
administrative ones.

Also, with routes that require parameters, you will have to expose metadata
on what type of data goes there, what the format might be, etc. And even
though I tell my users to put an integer in a specific parameter, attackers
will still try to inject something else to exploit my app (although that
might happen even if I don't expose my routes.) Be ready for security
concerns on the long run!

About the Flask registry, I wouldn't bother uploading it there until some
level of maturity. Post the library here and there, and if others like it
and start using it, you may think about it again.


On Tue, Jul 4, 2017, 22:45 Alena Lifar <alenaslifar at gmail.com> wrote:

> Hello everyone,
> My name is Alena and I have been working on a Flask Extension that
> collects and exposes routes declared in your Flask application/Blueprint
> via REST.
> Here is Github project: https://github.com/UseTheApi/flask_url_discovery
> Could anyone please take a look and let me know if this could be useful?
> Do you think it has a chance to be added into Flask Extension Registry? Is
> there anything I have to improve?
> I have found this link:
> http://librelist.com/browser/flask/2010/7/25/flask-extension-review-status/ which
> points to http://github.com/mitsuhiko/flask/tree/master/extreview/ for
> Flask Extensions review and approval but this link is dead.
> Thank you for your time.
> Kind regards,
> Alena
> _______________________________________________
> Flask mailing list
> Flask at python.org
> https://mail.python.org/mailman/listinfo/flask
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/flask/attachments/20170705/6c5729f9/attachment.html>

More information about the Flask mailing list