Python web apps - A matter of security

Daniel Fetchinson fetchinson at googlemail.com
Sat Jan 5 22:58:39 EST 2008


On 1/5/08, lloyd at paisite.com <lloyd at paisite.com> wrote:
> Hello,
>
> I'm developing a Python-based web app, but don't understand how to best
> organize the modules and set permissions for maximum security.
>
> Here's how the Python code for my app is organized:
>
> 1) I have Python modules in a project directory. The path to that directory
> is in a *.pth file in the .*/pythonx-y/site-packages directory.
>
> Question: who should own these modules; what groups should have access, and
> how should permissions be set?
>
> 2) I have high-level modules that import the worker-bee modules in the web
> root directory tree that are called by the webserver.
>
> Questions: who should own these modules, what groups should have access, and
> how should permissions be set?
>
> 3) Is there a better way to organize my Python modules? Are there other
> security issues I should heed?
>
> Many thanks,
>
> Lloyd

Are you using any of the many available web frameworks like
TurboGears, Django, etc.? If so, your best option is probably to use
the authentication/authorization capabilities of these frameworks, and
then you won't have to worry about it too much.

Cheers,
Daniel


