how safe is Python for CGI?
DG
david at fielden.com.au
Mon Oct 7 19:11:05 EDT 2002
Greetings,
I am thinking about using Python's CGI capabilities to write some simple web
front ends to a database. The web server is running apache under Linux,
Python 2.2.1.
How secure is Python for this? For example, it seems that I will need to
put the database path, username and password into the database connect()
line in the cgi-bin script, is it possible for someone to download the
script from the cgi-bin directory without running it, and then inspect the
source to find the database path/user/pass?
What are common Python practices to circumvent this, if it is a problem?
Are there any other gotchas to this sort of script?
tia
Rowdy
More information about the Python-list
mailing list