Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases now! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Python Microservices Development

You're reading from   Python Microservices Development Build, test, deploy, and scale microservices in Python

Arrow left icon
Product type Paperback
Published in Jul 2017
Publisher Packt
ISBN-13 9781785881114
Length 340 pages
Edition 1st Edition
Languages
Tools
Arrow right icon
Author (1):
Arrow left icon
Tarek Ziadé Tarek Ziadé
Author Profile Icon Tarek Ziadé
Tarek Ziadé
Arrow right icon
View More author details
Toc

Table of Contents (13) Chapters Close

Preface 1. Understanding Microservices 2. Discovering Flask FREE CHAPTER 3. Coding, Testing, and Documenting - the Virtuous Cycle 4. Designing Runnerly 5. Interacting with Other Services 6. Monitoring Your Services 7. Securing Your Services 8. Bringing It All Together 9. Packaging and Running Runnerly 10. Containerized Services 11. Deploying on AWS 12. What Next?

Securing your code


In the previous section, we've looked at how to set up a simple WAF. The rate limiting feature we've added is useful but protects us from just one possible attack. Without being paranoid, as soon as you are exposing your app to the world, there are numerous possible attacks, and your code needs to be designed with that threat in mind.

The idea behind secure code is simple, yet hard to do well in practice. The two fundamental principles are:

  • Every request from the outside world should be carefully assessed before it does something in your application and data
  • Everything your application is doing on a system should have a well-defined and limited scope

Let's look at how to implement these principles in practice.

Asserting incoming data

The first principle, assert incoming data, just means that your application should not blindly execute incoming requests without making sure what will be the impact.

For instance, if you have an API that will let a caller delete a line in a database...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at R$50/month. Cancel anytime