PyQT app accessible over network?

Frank Millman frank at chagford.com
Mon Feb 25 03:02:07 EST 2013 

On 25/02/2013 08:35, Chris Angelico wrote:
> On Mon, Feb 25, 2013 at 5:14 PM, Frank Millman <frank at chagford.com> wrote:
>> On 24/02/2013 16:58, Chris Angelico wrote:
>>> MySQL has a philosophical structure of "user logs in to app,
>>> but app logs in to database as superuser regardless of user login".
>>
>> Out of curiosity, is there anything wrong with that approach?
>>
>> The project I am developing is a business/accounting application, which
>> supports multiple database systems - at this stage, PostgreSQL, MS SQL
>> Server, and sqlite3.
>>
>> I use exactly the philosophy you describe above. If I relied on the RDBMS's
>> internal security model, I would have to understand and apply each one
>> separately.
>
> Fundamentally no; it's a viable approach, as evidenced by the success
> of MySQL and the myriad applications that use it in this way. It's a
> matter of damage control and flexibility. Suppose your web server were
> to be compromised - there are so many exploits these days that can
> result in files on the server being unexpectedly read and transmitted
> to the attacker. Your database superuser password (or, let's hope,
> "just" database admin) is compromised, and with it the entire
> database. This also forces you to treat the web application (usually
> PHP scripts) as back-end.
>

[snip much valuable food for thought]

>
> I'm sure others can weigh in with a lot more detail.
>

Thanks for the input, Chris - much appreciated.

I don't have a lot of experience in this area, but it is a very 
important topic and I have applied my mind to the issues as best I can, 
so I would appreciate a critique of my current approach.

The main app is written in python. It is designed to run on a server. It 
could be on the same server as the database or not - the person setting 
up the system supplies the connection parameters.

The app runs a web server (cherrypy) which anyone can connect to via a 
browser, with a valid userid and password. User credentials are stored 
in the database, and the system has its own mapping of which users (or 
rather roles) have access to which tables. The front end is written in 
Javascript.

So to refer to your two concerns of damage control and flexibility, the 
second one does not really apply in my case - I would never want the 
main app to run on a desktop.

Regarding security, obviously it is a concern. However, the various user 
ids and passwords have to be stored *somewhere*, and if it is 
compromised I would have thought that they would be equally vulnerable.

There is one idea I think is worth looking into, when I have time. I 
subscribe to the 'getmail' mailing list, and for a long time the 
maintainer has resisted pressure to encrypt the mailbox password in the 
configuration file, on the grounds that if the password is vulnerable, 
the encryption method is equally vulnerable, so it would give a false 
sense of security. However, he has recently been persuaded of the merits 
of using something called a 'keyring'. I don't know much about it, but 
it is on my list of things to look at some time.

All comments welcome.

Frank

More information about the Python-list mailing list