summarizing, web2py is just an executable. It protects you by default from
directory traversal attacks.
Everything but static folder is dinamically created by the executable.
You may want to serve static with your webserver of choice to relieve the
burden off of web2py shoulders, but ultimately
I know this is REALLY old but this topic is crucial to production and gets
VERY little attention.
So, it seems that the lock script has to run AFTER the web2py server has
been started by www-data (as a daemon by UWSGI, for example).
Or, can root start everything even in its locked state?
I
If the web2py server runs as www-data thatn web2py/ should be owned by
www-data and it should have read write permissions. You can then lock
your apps running
web2py/scripts/web2py-lock.sh
On Jan 5, 6:50 am, Branko Vukelić stu...@brankovukelic.com wrote:
If you want 644 perms on the directory,
Where can I read more detailed about it? Is there it in the web2py
book?
4 matches
Mail list logo
