On 2011-03-23 00:05:06 -0700, Justin Francis said:
> is there a better safeguard? or do all paste websites (such as reddit,
> quora, and so on) share this potential security issue?

There's actually a very simple way to secure debugging; instead of
debug = true, set debug = <hostname>.
If the hostname doesn't match, debug is False. Boom, if absent-minded
developers ship the same configuration from development to production,
they remain secure.
Also, +9000.1 (over nine thousand!) on 127.0.0.1 instead of 0.0.0.0.
— Alice.
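
One way to implement the hostname-bound debug setting suggested in the message above, as an added example that is not part of the original post or of Pylons itself. The function names, the INI sample and the hostnames are assumptions constructed for illustration.

```python
import configparser
import socket

# Values that always mean "debug off".
FALSEY = {"", "0", "false", "no", "off"}

# Constructed sample config: debug names the developer's machine, and the
# server binds to loopback rather than 0.0.0.0.
SAMPLE_INI = """
[DEFAULT]
debug = devbox.example.test

[server:main]
host = 127.0.0.1
"""


def _norm(name):
    """Hostnames compare case-insensitively; ignore a trailing root dot."""
    return name.strip().lower().rstrip(".")


def effective_debug(setting, local_names=None):
    """Return True only if `setting` exactly names the machine we run on.

    A leftover boolean such as "true" is treated as a hostname, so it fails
    closed on any machine that is not literally called "true".
    """
    wanted = _norm(setting or "")
    if wanted in FALSEY:
        return False
    if local_names is None:
        # Names this machine reports for itself (short name and FQDN).
        local_names = {socket.gethostname(), socket.getfqdn()}
    # Exact match only: "web01" must not enable debug on "web01.prod...".
    return wanted in {_norm(n) for n in local_names if n}


def load_debug(ini_text, local_names=None):
    """Read `debug` from the [DEFAULT] section and resolve it to a bool."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    return effective_debug(parser.defaults().get("debug", ""), local_names)


if __name__ == "__main__":
    print("debug enabled on this host:", load_debug(SAMPLE_INI))
```
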
--
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.