[Tutor] Tainted characters and CGI
Tim Johnson
tim at johnsons-web.com
Mon Oct 31 23:57:10 CET 2005
* Ron Weidner <xecronix at yahoo.com> [051031 12:38]:
>
>
> --- Tim Johnson <tim at johnsons-web.com> wrote:
>
> > Hello:
> > I need to tighten my handling of CGI transmissions.
> > I particular, I need to develop a strategy of safely
> > dealing with "tainted" characters.
>
> Ahh... tainted characters. If by "tainted" you mean
> not UTF-8, there is a c tool called "iconv" that fixes
> "tainted" characters. I believe Python has a wrapper,
> but I didn't check before sending this e-mail. Good
> luck and please write back if you implement a working
> solution.
Now that's serendipity for ya. I wasn't thinking about
none-UTF-8 characters, but that's a good thread to
investigate also.
Actually, google gives me a thread
http://mail.python.org/pipermail/tutor/2005-August/040619.html
regarding handling of characters passed from a CGI post
that could be exploited by malicious hacking.
thanks
tim
--
Tim Johnson <tim at johnsons-web.com>
http://www.alaska-internet-solutions.com
More information about the Tutor
mailing list