views:

875

answers:

2

I'm developing a project on google app engine (webapp framework). I need you people to assess how I handle exceptions.

There are 4 types of exceptions I am handling:

  1. Programming exceptions
  2. Bad user input
  3. Incorrect URLs
  4. Incorrect query strings

Here is how I handle them:

  1. I have subclassed the webapp.requesthandler class and overrode the handle_exceptions method. Whenever an exception occurs, I take the user to a friendly "we're sorry" page and in the meantime send a message with the traceback to the admins.

  2. On the client side I (will) use js and also validate on the server side. Here I figure (as a coder with non-web experience) in addition to validate inputs according to programming logic (check: cash input is of the float type?) and business rules (check: user has enough points to take that action?), I also have to check against malicious intentions. What measures should I take against malicious actions?

  3. I have a catch-all URL that handles incorrect URLs. That is to say, I take the user to a custom "page does not exist" page. Here I have no problems, I think.

  4. Incorrect query strings presumably raise exceptions if left to themselves. If an ID does not exist, the method returns None (an exception is on the way). if the parameter is inconvenient, the code raises an exception. Here I think I must raise a 404 and take the user to the custom "page does not exist" page. What should I do?

What are your opinions? Thanks in advance..

+5  A: 

You seem to have thought things through pretty well. The only thing I would add is that you might want to take a look at Bloog as an example. Bloog is a pretty well written and popular open source blog engine for App Engine written in Python.

Also, on Point #2, watch out for these types of Cross Scripting attacks.

As for #4, keep in mind that 404 pages are an opportunity to add some color and creativity to your design.

Serx
Thanks, I will. Any suggestions on points 2 and 4?
shanyu
I updated my response to add some comments on #2 and #4. It sounds like you've already thought this through pretty well.
Serx
Thanks, again. I'll go through the links you have provided.
shanyu
A: 

Ad. #4: I usually treat query strings as non-essential. If anything is wrong with query string, I'd just present bare resource page (as if no query was present), possibly with some information to user what was wrong with the query string.

This leads to the problem similar to your #3: how did the user got into this wrong query? Did my application produce wrong URL somewhere? Or was it outdated link in some external service, or saved bookmark? HTTP_REFERER might contain some clue, but of course is not authoritative, so I'd log the problematic query (with some additional HTTP headers) and try to investigate the case.

zgoda
Thanks for the answer. I guess one of the reasons that leads to point 3 is that a user tries something "unnecessary" by modifying the querystring.
shanyu