[web2py] Re: Hardening web2py on Linux and Windows servers

2010-06-11 Thread Salvor Hardin
lock-web2py.sh is a fantastic idea! On Jun 10, 4:28 pm, mdipierro mdipie...@cs.depaul.edu wrote: perhaps we should a web2py/scripts/lock-web2py.sh On Jun 10, 3:49 pm, Thadeus Burgess thade...@thadeusb.com wrote: www-data needs write access to databases/cache/sessions etc. IF a hacker

[web2py] Re: Hardening web2py on Linux and Windows servers

2010-06-11 Thread mdipierro
how about this:
chown -R root:root *.py
chown -R root:root gluon
chown -R root:root scripts
chown -R root:root applications/*/modules/
chown -R root:root applications/*/models/
chown -R root:root applications/*/controllers/
chown -R root:root applications/*/views/
chown -R root:root
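The lock-web2py.sh script proposed in this thread is not shown on the page; the following is an added example of what such a script could look like, written for this page and not web2py's own code. It assumes a stock web2py tree (gluon/, scripts/, top-level *.py, applications/<app>/...), that the server runs as a WEB_USER such as www-data, and that the account owning the code (root, as proposed above, or a dedicated non-root user, as Yarko argues further down) is passed in as CODE_OWNER rather than hard-coded. Code paths end up readable but not writable by the web server; the per-application databases/, sessions/, cache/, errors/ and uploads/ directories, which Thadeus notes the server must write, stay owned and writable by WEB_USER only. chown is only attempted when running as root, so the script can be dry-run unprivileged, and check_code_readonly audits the result.

```shell
#!/bin/sh
# Added example, not web2py's own lock-web2py.sh (which this thread only proposes).
# Assumptions: stock web2py layout; CODE_OWNER deploys code (root or a dedicated
# user); WEB_USER is the account the web server runs as (e.g. www-data).
# Usage: lock_web2py ROOT CODE_OWNER WEB_USER
#   e.g. lock_web2py /var/www/web2py root www-data
set -u

# Paths the web server must read but never write: the application code.
web2py_code_paths() {
    root=$1
    find "$root" -maxdepth 1 -type f -name '*.py'
    for d in "$root"/gluon "$root"/scripts \
             "$root"/applications/*/models "$root"/applications/*/controllers \
             "$root"/applications/*/views "$root"/applications/*/modules; do
        if [ -d "$d" ]; then echo "$d"; fi
    done
}

# Paths the web server writes at run time (databases/, cache/, sessions/ from
# the thread, plus errors/ and uploads/, which web2py also writes).
web2py_data_paths() {
    root=$1
    for d in "$root"/applications/*/databases "$root"/applications/*/sessions \
             "$root"/applications/*/cache "$root"/applications/*/errors \
             "$root"/applications/*/uploads; do
        if [ -d "$d" ]; then echo "$d"; fi
    done
}

# Ownership changes need root; when run unprivileged, print them instead
# so the script can be dry-run (and tested) without privileges.
run_or_echo() {
    if [ "$(id -u)" -eq 0 ]; then "$@"; else echo "would run: $*"; fi
}

lock_web2py() {
    root=$1; code_owner=$2; web_user=$3
    web2py_code_paths "$root" | while read -r p; do
        run_or_echo chown -R "$code_owner:$code_owner" "$p"
        # u=rwX,go=rX: everyone (including WEB_USER) can read and traverse,
        # only CODE_OWNER can write; X keeps the exec bit on scripts/*.sh.
        chmod -R u=rwX,go=rX "$p"
    done
    web2py_data_paths "$root" | while read -r p; do
        run_or_echo chown -R "$web_user:$web_user" "$p"
        # WEB_USER reads and writes; "other" gets nothing, so sessions and
        # .table files are not readable by unrelated local accounts.
        chmod -R u=rwX,g=rX,o= "$p"
    done
}

# Audit: return 0 if no code path is writable by group or others, 1 otherwise.
check_code_readonly() {
    root=$1
    bad=$(web2py_code_paths "$root" | while read -r p; do
              find "$p" \( -perm -020 -o -perm -002 \) -print
          done)
    [ -z "$bad" ]
}
```

Note that, as mdipierro says below, once the code tree is read-only for www-data the admin interface can no longer edit, install or uninstall applications; deployments then happen as CODE_OWNER followed by re-running the lock.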

[web2py] Re: Hardening web2py on Linux and Windows servers

2010-06-11 Thread Yarko Tymciurak
This would be a security concern: I do not think you want web executables / files owned by root. You would then be forced to open up accessibility to the files (so that something which _is not root_ can run / read them) --- which would weaken security; OR you would (???) need to run as

[web2py] Re: Hardening web2py on Linux and Windows servers

2010-06-11 Thread Yarko Tymciurak
if you are looking to prevent access, you should instead be doing something like this: chown -R nobody:nobody *.py ... etc. On Jun 11, 5:41 pm, Yarko Tymciurak resultsinsoftw...@gmail.com wrote: This would be a security concern:  I do not think you want web executables / files owned by root.  

[web2py] Re: Hardening web2py on Linux and Windows servers

2010-06-10 Thread mdipierro
None of these should be a problem. On Jun 10, 1:45 pm, Salvor Hardin salvor.pub...@gmail.com wrote: We selected web2py over django and pylons to replace RoR.  Luckily, that project doesn't require paranoid security (hence our ability to use RoR in the past.) But we're evaluating web2py to

[web2py] Re: Hardening web2py on Linux and Windows servers

2010-06-10 Thread mdipierro
None of these should be a problem. Mind that you will not be able to edit/install/uninstall apps using the web interface. On Jun 10, 1:45 pm, Salvor Hardin salvor.pub...@gmail.com wrote: We selected web2py over django and pylons to replace RoR.  Luckily, that project doesn't require paranoid

Re: [web2py] Re: Hardening web2py on Linux and Windows servers

2010-06-10 Thread Thadeus Burgess
www-data needs write access to databases/cache/sessions etc. IF a hacker were able to gain access *somehow* and alter the databases files, they can kill your entire system by forcing fake migrations or other issues. Just make sure you have migrate=False and fake_migrate=False and everything

[web2py] Re: Hardening web2py on Linux and Windows servers

2010-06-10 Thread mdipierro
perhaps we should a web2py/scripts/lock-web2py.sh On Jun 10, 3:49 pm, Thadeus Burgess thade...@thadeusb.com wrote: www-data needs write access to databases/cache/sessions etc. IF a hacker were able to gain access *somehow* and alter the databases files, they can kill your entire system by