Peter

Reputation: 1359

security best practices for a public POST URL

I'm writing a simple blog using Django, and I'm including a Python CLI script that will allow me to post an entry by sending it as JSON to blog.com/post. Now I obviously don't want anyone to be able to post an entry on my blog, so I'll need to take some security measures.

It seems like a password passed as a URL parameter is a good place to start -- I'll send a POST to blog.com/post?key=foobar. Just to be on the safe side, I should store this on the server salted and hashed. Is this all that will be necessary? I'm also planning on putting the code up on GitHub when it's ready; will this affect any security decisions I make?

Upvotes: 1

Views: 177

Answers (1)

Hedde van der Heide

Reputation: 22439

Tbh I wouldn't bother reinventing the wheel; have a look at django-tastypie, which implements a few good ways of achieving REST calls. It ships with Django and API key authentication (and a few more) and lets you add custom authentication behaviour.

Upvotes: 2
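
The scheme from the question (a shared key stored salted and hashed on the server), as an added example that is not part of the original posts and is not django-tastypie's code. The key is read from an `Authorization` header instead of the `?key=` URL parameter, because URLs are commonly written to server and proxy access logs; `make_credential`, `handle_post`, the `ApiKey` scheme name and the `title`/`body` fields are assumptions for illustration.

```python
import hashlib
import hmac
import json
import secrets

PBKDF2_ROUNDS = 200_000  # assumed work factor for this example


def hash_key(key, salt):
    """Derive the value kept on the server; the plaintext key is never stored."""
    return hashlib.pbkdf2_hmac("sha256", key.encode(), salt, PBKDF2_ROUNDS)


def make_credential():
    """Return (key for the CLI script, salted record for the server)."""
    key = secrets.token_urlsafe(32)  # random, so not guessable like "foobar"
    salt = secrets.token_bytes(16)
    return key, {"salt": salt, "digest": hash_key(key, salt)}


def handle_post(method, headers, body, record):
    """Framework-neutral stand-in for the /post view: returns (status, entry)."""
    if method != "POST":
        return 405, None
    scheme, _, presented = headers.get("Authorization", "").partition(" ")
    if scheme != "ApiKey" or not presented:
        return 401, None
    candidate = hash_key(presented, record["salt"])
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(candidate, record["digest"]):
        return 403, None
    try:
        entry = json.loads(body)
    except ValueError:  # malformed JSON or undecodable bytes
        return 400, None
    if not isinstance(entry, dict) or not {"title", "body"} <= entry.keys():
        return 400, None
    return 201, entry


if __name__ == "__main__":
    key, record = make_credential()  # constructed sample credential
    post = json.dumps({"title": "Hello", "body": "First entry"}).encode()
    print(handle_post("POST", {"Authorization": f"ApiKey {key}"}, post, record))
    print(handle_post("POST", {"Authorization": "ApiKey wrong"}, post, record))
    print(handle_post("POST", {}, post, record))
```

The key and its record are generated at deploy time and kept out of the repository, so publishing the code does not expose them. The header is only confidential in transit when the endpoint is served over HTTPS.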
