Nmap Development mailing list archives

Re: GSoC: Hosted Scanner


From: Mike Smith <scgtrp () gmail com>
Date: Mon, 29 Mar 2010 02:04:53 -0400

(Was this supposed to go to the mailing list? Replying there anyway.)

On Mon, Mar 29, 2010 at 1:14 AM, Michael Pattrick
<mpattrick () rhinovirus org> wrote:
> Hello Mike,
>
> The hosted scanner is a neat project; here are a few tips for your application:
>  - Python is probably better, as the Nmap family of projects already
> has several dependencies on Python, and adding different dependencies
> is no fun.

Well, that works out nicely. I like Python more anyway :)

>  - The hosted scan page already has a lot of the details worked out in
> abstract, but you should still communicate how you will meet the
> important requirements. I.e., do you have any techniques for sanitizing
> input?

"Follow best-practices for CGI security, such as limiting field values
to known-trusted patterns rather than trying to remove "bad"
characters."
Not sure I can say it any better than that; for example, no valid port
range would ever contain anything but numbers and dashes.

>  - While a lot of the details have already been fleshed out, there is
> still room for creativity. Be sure to include any unique ideas you
> have for the project.

Nothing interesting currently, but I'll be sure to include anything I think of.
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
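
The "known-trusted patterns" approach quoted in the message above, sketched for the port-range field of a hosted scan form. This is an added example, not code from the thread or from the Nmap project; the function names, the length and port-count caps, the 1-65535 bound, and the acceptance of commas (beyond the "numbers and dashes" the message mentions) are assumptions.

```python
import re

# Allowlist: ASCII digits, dashes and commas only. Commas are an assumption
# beyond the message's "numbers and dashes", to permit lists like 22,80,443.
# [0-9] is used instead of \d, which also matches non-ASCII Unicode digits.
PORT_SPEC_RE = re.compile(
    r"[0-9]{1,5}(?:-[0-9]{1,5})?(?:,[0-9]{1,5}(?:-[0-9]{1,5})?)*")
MAX_SPEC_LEN = 256  # hypothetical cap on the form field length
MAX_PORTS = 1024    # hypothetical cap on ports per hosted scan


def parse_port_spec(raw):
    """Return a list of (low, high) tuples, or raise ValueError."""
    if not isinstance(raw, str) or len(raw) > MAX_SPEC_LEN:
        raise ValueError("port spec missing or too long")
    # fullmatch rather than match with "$": "$" also accepts a trailing newline.
    if PORT_SPEC_RE.fullmatch(raw) is None:
        raise ValueError("port spec has characters outside the allowlist")
    ranges, total = [], 0
    for part in raw.split(","):
        low, _, high = part.partition("-")
        low, high = int(low), int(high or low)
        # The pattern alone still admits 70000 or 443-80; check the values too.
        if not (1 <= low <= high <= 65535):
            raise ValueError("port out of range or reversed range: " + part)
        total += high - low + 1
        ranges.append((low, high))
    if total > MAX_PORTS:
        raise ValueError("too many ports requested")
    return ranges


def build_port_args(raw):
    """Rebuild the -p argument from the parsed integers, never from raw text.

    The result is an argv fragment intended for an argument list, not a
    shell command string.
    """
    spec = ",".join(
        str(low) if low == high else "%d-%d" % (low, high)
        for low, high in parse_port_spec(raw))
    return ["-p", spec]
```

Rejecting the whole field on any mismatch, instead of stripping characters and continuing, is what distinguishes this from the "remove bad characters" approach the quoted guideline warns against.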

