I'm pretty sure he is talking about protecting the data in the event that his `apache` (or similar) user is "owned" by a serious problem in any component of the software stack (OS, apache, mod_wsgi, application, libraries, etc.).
On Fri, Dec 18, 2009 at 9:20 AM, Brochester L <[email protected]> wrote:
> I have another solution: the variables returned by globals() are
> writable to the lowest namespaced module. I believe that using a
> simple script inside of the web server's user is a broader arrangement.
> In your main module add something like:
>     globals().update({'__builtins__':thisUsersPrototypes})
> In that user's file access routine handlers add:
>     fileFor=UserRightsDB.get(thisSession)&FilePermissions
>     if not fileFor:
>         return([400,Headers])
> You will find that the user has limited or no access outside of that
> namespace unless redirected by an admin. Simple way.
>
> On 12/14/09, Jason Garber <[email protected]> wrote:
> > On Mon, Dec 14, 2009 at 2:42 AM, amvtek <[email protected]> wrote:
> >
> >> Main risk we are trying
> >> to mitigate, is the one of an 'exploit' on application, at the end of
> >> which the attacker will have gained the privileges of application
> >> effective user. If 'private file' is directly owned by this user, the
> >> attacker would be in position to read it.
> >
> > Hi Amvtek,
> >
> > The problem you are trying to solve is common in our field. What type of
> > data are you trying to protect?
> >
> > -JG
> >
> > --
> > You received this message because you are subscribed to the Google Groups
> > "modwsgi" group.
> > To post to this group, send email to [email protected].
> > To unsubscribe from this group, send email to
> > [email protected]<modwsgi%[email protected]>.
> > For more options, visit this group at
> > http://groups.google.com/group/modwsgi?hl=en.
