how safe is Python for CGI?
sismex01 at hebmex.com
Mon Oct 7 19:13:28 EDT 2002
> From: DG [mailto:david at fielden.com.au]
>
> Greetings,
>
> I am thinking about using Python's CGI capabilities to write
> some simple web front ends to a database. The web server is
> running apache under Linux, Python 2.2.1.
>
> How secure is Python for this? For example, it seems that I
> will need to put the database path, username and password into
> the database connect() line in the cgi-bin script, is it
> possible for someone to download the script from the cgi-bin
> directory without running it, and then inspect the
> source to find the database path/user/pass?
>
> What are common Python practices to circumvent this, if it is
> a problem?
>
> Are there any other gotchas to this sort of script?
>
> tia
>
> Rowdy
>
This is the responsibility of your Apache installation,
not Python's. You have to mark your cgi-bin directory
as executable, non-browsable, etc etc.
There are other FAQs you can search for which contain
detailed documentation on this subject.
Google is your friend :-)
-gustavo
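
What the reply's "executable, non-browsable" advice looks like in Apache terms, as an added example that is not part of the original thread: a simplified checker that reads httpd.conf text and reports whether a cgi-bin directory would have its scripts executed rather than served or listed. The sample configs, the paths and the function name audit_cgi_dir are constructed for illustration; the parser only understands DocumentRoot, ScriptAlias and Options inside a matching <Directory> block.

```python
import re
from pathlib import PurePosixPath

# Constructed sample configs (not from the original thread).
WEAK_CONF = """
DocumentRoot "/var/www/html"
<Directory "/var/www/html/cgi-bin">
    Options Indexes FollowSymLinks
</Directory>
"""

HARDENED_CONF = """
DocumentRoot "/var/www/html"
ScriptAlias /cgi-bin/ "/usr/lib/cgi-bin/"
<Directory "/usr/lib/cgi-bin">
    Options -Indexes
</Directory>
"""

def audit_cgi_dir(conf, cgi_dir):
    """Return a list of findings for cgi_dir in simplified httpd.conf text."""
    cgi = PurePosixPath(cgi_dir)
    findings = []
    docroot = re.search(r'^\s*DocumentRoot\s+"?([^"\s]+)', conf, re.M | re.I)
    aliases = [PurePosixPath(p) for p in re.findall(
        r'^\s*ScriptAlias\s+\S+\s+"?([^"\s]+)', conf, re.M | re.I)]
    # ScriptAlias makes Apache run everything in the target as CGI.
    if cgi not in aliases:
        findings.append("not a ScriptAlias target: scripts may be served as text")
    # A script directory below DocumentRoot can leak source via a second URL
    # path or after a later config change.
    if docroot and PurePosixPath(docroot.group(1)) in cgi.parents:
        findings.append("under DocumentRoot: source reachable if config changes")
    blocks = re.findall(r'<Directory\s+"?([^">\s]+)"?\s*>(.*?)</Directory>',
                        conf, re.S | re.I)
    for path, body in blocks:
        if PurePosixPath(path) != cgi:
            continue
        for opts in re.findall(r'^\s*Options\s+(.*)$', body, re.M | re.I):
            # "Indexes" or "+Indexes" turns listings on; "-Indexes" turns them off.
            if re.search(r'(?<![-\w])\+?Indexes\b', opts, re.I):
                findings.append("Indexes enabled: directory is browsable")
    return findings
```
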