简体繁体 English

如何保护不需要POST和GET的Django Deliciouspie REST API

[英]How to secure Django Tastypie REST API which needs no credentails for POST and GET

原文 2014-10-17 08:50:25 8 2 python/ django/ rest/ https/ django-rest-framework

Hi am having an API url when a user submits the page, URL will be called and POSTED data will be saved in DB through tastypie api. 嗨，当用户提交页面时，我拥有一个API URL，URL将被调用，并且POSTED数据将通过tastypie api保存在DB中。

My question here is, 我的问题是

Am not using credentials while POSting data since it is a form submission, so when an intruder comes to know about my API url and data to be posted he can post bulk amount of data to my DB and crash it,right? 由于数据是表单提交，因此在POS数据处理过程中不使用凭据，因此，当入侵者知道我的API网址和要发布的数据时，他可以将大量数据发布到我的数据库并将其崩溃，对吗？

How to prevent this or it is already prevented by any measure,Please Explain. 如何防止这种情况或已经采取了任何措施，请解释一下。

Thanks. 谢谢。

2 个解决方案

我尚未与stylishpie合作，但他们的文档中有一个身份验证和授权部分。

If you need to allow people to POST with no auth, then there is nothing you can do to prevent someone just POSTing random data. 如果您需要允许人们在不进行身份验证的情况下进行POST，那么您将无法采取任何措施来阻止仅发布随机数据的人。 What you can do is throttling the user so they don't post that much data. 您可以做的是限制用户，这样他们就不会发布太多数据。

http://django-tastypie.readthedocs.org/en/latest/throttling.html http://django-tastypie.readthedocs.org/en/latest/throttling.html

Django API Deliciouspie和FK POST - Django API tastypie and FK POST

MySQL更新不会触发Django / TastyPie REST API - MySQL On Update not triggering for Django/TastyPie REST API

Django Tastypie 创建 API，它接受 POST 数据但不在数据库中创建任何条目 - Django Tastypie create API which accepts POST data but not creates any entry in database

如何使用Django / Tastypie API创建CRUD？ - How to create CRUD using Django/Tastypie API?

Django Tastypie：如何使用API密钥进行身份验证 - Django Tastypie: How to Authenticate with API Key

如何post数据到Django rest API - How to post data to Django rest API

django-tastypie中的Get，POST，PUT和DELETE的单独功能 - Separate functions for Get, POST, PUT and DELETE in django-tastypie

django tastypie对于POST方法始终返回401，并且对于GET效果很好 - django tastypie returning 401 always for POST method and works well for GET

如何在Django / Tastypie / REST中通知应用程序凭据已成功 - How to notify an app that credentials were successful in Django/Tastypie/REST

Django Tastypie缓慢的POST响应 - Django Tastypie slow POST response

暂无

暂无

声明:本站的技术帖子网页，遵循CC BY-SA 4.0协议，如果您需要转载，请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Django API Deliciouspie和FK POST - Django API tastypie and FK POST MySQL更新不会触发Django / TastyPie REST API - MySQL On Update not triggering for Django/TastyPie REST API Django Tastypie 创建 API，它接受 POST 数据但不在数据库中创建任何条目 - Django Tastypie create API which accepts POST data but not creates any entry in database 如何使用Django / Tastypie API创建CRUD？ - How to create CRUD using Django/Tastypie API? Django Tastypie：如何使用API密钥进行身份验证 - Django Tastypie: How to Authenticate with API Key 如何post数据到Django rest API - How to post data to Django rest API django-tastypie中的Get，POST，PUT和DELETE的单独功能 - Separate functions for Get, POST, PUT and DELETE in django-tastypie django tastypie对于POST方法始终返回401，并且对于GET效果很好 - django tastypie returning 401 always for POST method and works well for GET 如何在Django / Tastypie / REST中通知应用程序凭据已成功 - How to notify an app that credentials were successful in Django/Tastypie/REST Django Tastypie缓慢的POST响应 - Django Tastypie slow POST response

相关标签

粤ICP备18138465号 © 2020-2024 STACKOOM.COM