July 2017
Beginner to intermediate
340 pages
7h 43m
English
Content preview from Python Microservices Development
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Asserting incoming data
The first principle, assert incoming data, just means that your application should not blindly execute incoming requests without making sure what will be the impact.
For instance, if you have an API that will let a caller delete a line in a database, you need to make sure the caller is allowed to do it. This is why we've added authentication and authorization earlier in this chapter.
But there are other ways to breach in. For example, if you have a Flask view that grabs JSON data from the incoming request and uses it to push data to a database, you should verify that the incoming request has the data you are expecting, and not blindly pass it over to your database backend. That's why it can be interesting to use Swagger ...