Avoiding Security Mistakes
00:00 If you’re dealing with a web app or any system that takes inputs or interacts in any way with users, you should definitely pay attention to the security of your code. But first, let’s define security.
00:15 Quality code is secure, meaning it prevents vulnerabilities and protects sensitive data by defending against malicious inputs and attacks.
00:26 Take this block of code, for example. It uses the built-in input() function to grab the user input. The user should provide the amount of money to withdraw. What’s happening here is that after you receive the input, you’re converting it into an integer, then you’re setting the available balance to a thousand (an arbitrary number), and printing the withdrawn amount and the remaining balance after. Everything might seem okay, but what if the input value is more than the available amount?
01:00 The user has requested two thousand and has actually received the two thousand, and now somehow has a negative balance. The code has an error because the input value is greater than the available amount and there’s no validation in place.
01:16 As a result, the code gives out more money than it should. Maybe you think this doesn’t really happen in the real world, but still, it’s a simple example of a security flaw. Here is the same logic, but now with an if-else block that validates the user input.
01:37 If the entered amount is bigger than the available balance, then right off the bat, the user gets an “insufficient funds” message.
01:46 As a general rule of thumb, always sanitize and validate user input. You just learned that you need to think about securing your code when it comes to systems that interact with users in any way.
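The withdrawal logic described in this lesson, written out as an added example (not the course’s own code): the unchecked version beside the validated one. It goes one step beyond the lesson by also rejecting non-numeric and non-positive amounts, since a negative “withdrawal” would otherwise add money to the balance. The function names and the three-tuple return shape are this example’s own choices.

```python
# Added example: the flawed withdrawal beside its validated form.

STARTING_BALANCE = 1000  # the lesson's arbitrary available balance


def withdraw_unchecked(balance, amount):
    """The flawed version: no validation, so the balance can go negative."""
    return balance - amount


def withdraw_checked(balance, amount):
    """Validated version: refuse any amount larger than the balance."""
    if amount > balance:
        raise ValueError("insufficient funds")
    return balance - amount


def parse_amount(raw):
    """Turn raw user text into a positive whole number, rejecting anything else.

    int() alone would happily accept "-500", which withdraw_checked() would
    then treat as a deposit, so the sign is checked as well.
    """
    try:
        amount = int(raw.strip())
    except (ValueError, AttributeError):
        raise ValueError("amount must be a whole number")
    if amount <= 0:
        raise ValueError("amount must be positive")
    return amount


def handle_withdrawal(raw_input, balance=STARTING_BALANCE):
    """Full flow: returns (withdrawn, remaining, error).

    On success error is None; on any validation failure nothing is withdrawn,
    the balance is returned unchanged, and error holds the reason.
    """
    try:
        amount = parse_amount(raw_input)
        remaining = withdraw_checked(balance, amount)
    except ValueError as exc:
        return None, balance, str(exc)
    return amount, remaining, None


if __name__ == "__main__":
    withdrawn, remaining, error = handle_withdrawal(input("Amount to withdraw: "))
    if error:
        print(f"Error: {error}. Balance is still {remaining}.")
    else:
        print(f"Withdrew {withdrawn}. Remaining balance: {remaining}.")
```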
