I have another solution: the variables returned by globals() are
writable to the lowest namespaced module. I believe that using a
simple script inside of the web server's user is a broader arrangement.
In your main module add something like:

    globals().update({'__builtins__': thisUsersPrototypes})

In that user's file access routine handlers add:

    fileFor = UserRightsDB.get(thisSession) & FilePermissions
    if not fileFor:
        return [400, Headers]

You will find that the user has limited or no access outside of that
namespace unless redirected by an admin. Simple way.

On 12/14/09, Jason Garber <[email protected]> wrote:
> On Mon, Dec 14, 2009 at 2:42 AM, amvtek <[email protected]> wrote:
>
>
>> Main risk we are trying
>> to mitigate, is the one of an 'exploit' on application, at the end of
>> which the attacker will have gained the privileges of application
>> effective user. If 'private file' is directly owned by this user, the
>> attacker would be in position to read it.
>
>
> Hi Amvtek,
>
> The problem you are trying to solve is common in our field. What type of
> data are you trying to protect?
>
> -JG
>
> --
>
> You received this message because you are subscribed to the Google Groups
> "modwsgi" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/modwsgi?hl=en.
>
>
>
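The two pieces described in the reply above, as an added example that is not part of the original post or of mod_wsgi: a reduced `__builtins__` mapping for per-user code and a rights-mask check in the file handler. It passes the mapping to `exec()` as an explicit globals dict rather than calling `globals().update()`, and every name in it (`USER_BUILTINS`, `USER_RIGHTS_DB`, `run_user_script`, `file_access`, the session ids and permission bits) is a hypothetical stand-in with constructed sample data.

```python
# Added illustration; all names and data below are constructed, not from the thread.
READ, WRITE = 0x1, 0x2                        # hypothetical permission bits
USER_RIGHTS_DB = {                            # constructed session -> rights mask
    "sess-alice": READ | WRITE,
    "sess-bob": 0,
}
HEADERS = [("Content-Type", "text/plain")]

# Reduced builtins handed to per-user code (stand-in for "thisUsersPrototypes").
# open() and __import__ are deliberately absent.
USER_BUILTINS = {"len": len, "str": str, "int": int, "sorted": sorted}


def run_user_script(source):
    """Run source with the reduced builtins; return its 'result' or the error text."""
    namespace = {"__builtins__": USER_BUILTINS}
    try:
        exec(source, namespace)
    except (NameError, ImportError) as exc:
        # Names missing from USER_BUILTINS fail at lookup time.
        return "%s: %s" % (type(exc).__name__, exc)
    return namespace.get("result")


def file_access(session, needed):
    """Mask the session's rights against the needed bits; 400 when nothing matches."""
    # Default of 0 keeps an unknown session from raising on None & int.
    file_for = USER_RIGHTS_DB.get(session, 0) & needed
    if not file_for:
        return [400, HEADERS]
    return [200, HEADERS]


if __name__ == "__main__":
    print(run_user_script("result = len('abc')"))
    print(run_user_script("result = open('private.txt').read()"))
    print(run_user_script("import os"))
    print(file_access("sess-alice", WRITE)[0], file_access("sess-bob", READ)[0])
```

The reduced mapping only changes which names resolve inside the interpreter; the process still runs as the application's effective user, so the file ownership concern in the quoted message is decided by OS permissions, not by this namespace.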