setup server from scratch (with or without apache?)
News123
news1234 at free.fr
Mon Jun 21 20:37:57 EDT 2010
Hi Kruptein,
Kruptein wrote:
> I think that apache and mod_python are good enough, but I'm not an
> expert.
>
> but I think that the security aspect for a large part depends on how
> secure your code is.
>
> You can have a very secure server setting, but somewhere a bug in your
> code that makes it insecure.
Agreed. There's a lot of potential to make stupid things in one's own code.
In my case however I'd like to reject access to anybody not having a
client certificate.
Though users should be identified by their certificcates it would (in my
current case) not be a major disaster if one user would gain control
over another user's data.
The group of users is limited and all users are trusted during the live
time of their certificate.
Most important for me is, that my python script is only called when the
certificate is valid.
More information about the Python-list
mailing list