how safe is Python for CGI?
Jeff Davis
jdavis at empires.org
Tue Oct 8 01:12:29 EDT 2002
Shouldn't be a problem. Nobody can read your executable scripts unless you
misconfigure Apache. If you tell Apache that it's supposed to execute .cgi
files, or files in your /cgi-bin directory, then it will.

One thing you should be careful of, however, is that if others have remote
login ability to your machine, make sure they can't just read the file
with a text editor.

Regards,
Jeff Davis

> I am thinking about using Python's CGI capabilities to write some simple
> web front ends to a database. The web server is running Apache under Linux,
> Python 2.2.1.
>
> How secure is Python for this? For example, it seems that I will need to
> put the database path, username and password into the database connect()
> line in the cgi-bin script, is it possible for someone to download the
> script from the cgi-bin directory without running it, and then inspect
> the source to find the database path/user/pass?
>
> What are common Python practices to circumvent this, if it is a problem?
>
> Are there any other gotchas to this sort of script?
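
An added example, not part of the original thread: one way to act on the advice about local read access is to keep the database path, user and password out of the cgi-bin script, in a separate file that only the account running the script can read, and to refuse to use that file otherwise. The INI layout, the `database` section name and the function names are assumptions made for this illustration.

```python
import configparser
import os
import stat
import tempfile


class InsecureCredentialsFile(Exception):
    """The credentials file could be read or changed by other local users."""


def check_private(path):
    """Return the permission bits of path; raise unless it is owner-only."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        raise InsecureCredentialsFile(f"{path}: not a regular file")
    if st.st_uid != os.geteuid():
        raise InsecureCredentialsFile(f"{path}: not owned by the script's user")
    mode = stat.S_IMODE(st.st_mode)
    # Any group/other bit means another login on the box can get at it.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise InsecureCredentialsFile(f"{path}: mode {mode:04o} is too open")
    return mode


def load_db_credentials(path):
    """Read path/user/password from the [database] section (assumed layout)."""
    check_private(path)
    parser = configparser.ConfigParser(interpolation=None)
    with open(path, encoding="utf-8") as fh:
        parser.read_file(fh)
    db = parser["database"]
    return {"path": db["path"], "user": db["user"], "password": db["password"]}


if __name__ == "__main__":
    # Constructed sample file; a real one would live outside the web root.
    with tempfile.TemporaryDirectory() as d:
        sample = os.path.join(d, "db.ini")
        with open(sample, "w", encoding="utf-8") as fh:
            fh.write("[database]\npath = /srv/app/app.db\n"
                     "user = webapp\npassword = constructed-example\n")
        os.chmod(sample, 0o600)
        print(load_db_credentials(sample)["user"])
        os.chmod(sample, 0o644)  # now world-readable
        try:
            load_db_credentials(sample)
        except InsecureCredentialsFile as exc:
            print("refused:", exc)
```

The file must be owned by the account the web server runs CGI scripts as, since that is the user `os.geteuid()` reports inside the script.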