Python web aps - A matter of security
lloyd at paisite.com
lloyd at paisite.com
Sat Jan 5 13:41:02 EST 2008
Hello,
I'm developing a Python-based web ap, but don't understand how to best organize the modules and set permissions for maximum security.
Here's how the Python code for my ap is organized:
1) I have Python modules in a project directory. The path to that directory is in a *.pth file in the .*/pythonx-y/site-packages directory.
Question: who should own these modules; what groups should have access, and how should permissions be set?
2) I have high-level modules that import the worker-bee modules in the web root directory tree that are called by the webserver.
Questions: who should own these modules, what groups should have access, and how should permissions be set?
3) Is there a better way to organize my Python modules? Are there other security issues I should heed?
Many thanks,
Lloyd
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-list/attachments/20080105/c99c6079/attachment.html>
More information about the Python-list
mailing list